diff --git a/roles/icinga_agent/defaults/main.yml b/roles/icinga_agent/defaults/main.yml
new file mode 100644
index 0000000..3fccf20
--- /dev/null
+++ b/roles/icinga_agent/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+
+icinga_user: nagios
+icinga_group: nagios
diff --git a/roles/icinga_agent/tasks/main.yml b/roles/icinga_agent/tasks/main.yml
new file mode 100644
index 0000000..221714a
--- /dev/null
+++ b/roles/icinga_agent/tasks/main.yml
@@ -0,0 +1,58 @@
+---
+
+- name: Install icinga
+ apt: name=icinga2
+
+- name: Check if client is already enrolled
+ stat:
+ path: /var/lib/icinga2/certs/{{ ansible_fqdn }}.crt
+ register: cert_file
+
+- name: Enroll agent on master server
+ block:
+ - name: Ensure certificate directory exists
+ file:
+ path: /var/lib/icinga2/certs
+ state: directory
+ owner: "{{ icinga_user }}"
+ group: "{{ icinga_group }}"
+
+ - name: Copy certificate from master
+ fetch:
+ src: /var/lib/icinga2/certs/{{ icinga_server }}.crt
+ dest: /tmp/{{ icinga_server }}.crt
+ flat: true
+ delegate_to: "{{ icinga_server }}"
+
+ - name: Copy certificate to host
+ copy:
+ src: /tmp/{{ icinga_server }}.crt
+ dest: /var/lib/icinga2/certs/{{ icinga_server }}.crt
+ owner: "{{ icinga_user }}"
+ group: "{{ icinga_group }}"
+
+ - name: Get ticket from master
+ shell: "icinga2 pki ticket --cn {{ ansible_fqdn }}"
+ register: "icinga_ticket"
+ changed_when: "False"
+ delegate_to: "{{ icinga_server }}"
+
+ - name: Setup node
+ command:
+ argv:
+ - icinga2
+ - node
+ - setup
+ - --ticket
+ - "{{ icinga_ticket.stdout | trim }}"
+ - --endpoint
+ - "{{ icinga_server }}"
+ - --zone
+ - "{{ ansible_fqdn }}"
+ - --parent_host
+ - "{{ icinga_server }}"
+ - --trustedcert
+ - "/var/lib/icinga2/certs/{{ icinga_server }}.crt"
+ - --accept-commands
+ - --accept-config
+ when: not cert_file.stat.exists
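Review bot: The `Get ticket from master` task interpolates `{{ ansible_fqdn }}` into a `shell` string that runs on the master, so a fact reported by the host being enrolled is parsed by a shell on the monitoring server; passing it through `command` with `argv`, as `Setup node` already does, removes that parsing step. The master certificate is also staged at a predictable path under `/tmp` on the controller before it becomes the `--trustedcert` pin, so on a shared controller it can be replaced or can collide between parallel runs; `slurp` followed by `copy` with `content` avoids the intermediate file. The registered ticket is an enrollment credential and will appear in verbose output, so `no_log: true` fits on the ticket task and on `Setup node`. `icinga_server` is used throughout but, as far as this diff shows, has no default or assertion in the role, so it is worth documenting as a required variable.

```yaml
    # … unchanged: Ensure certificate directory exists …

    - name: Read certificate from master
      slurp:
        src: /var/lib/icinga2/certs/{{ icinga_server }}.crt
      register: icinga_master_cert
      delegate_to: "{{ icinga_server }}"

    - name: Copy certificate to host
      copy:
        content: "{{ icinga_master_cert.content | b64decode }}"
        dest: /var/lib/icinga2/certs/{{ icinga_server }}.crt
        owner: "{{ icinga_user }}"
        group: "{{ icinga_group }}"

    - name: Get ticket from master
      command:
        argv:
          - icinga2
          - pki
          - ticket
          - --cn
          - "{{ ansible_fqdn }}"
      register: icinga_ticket
      changed_when: false
      no_log: true
      delegate_to: "{{ icinga_server }}"

    # … unchanged: Setup node (add no_log: true) …
```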