diff --git a/README.md b/README.md index 07d13e3..97212dd 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,9 @@ All other var can be use at is, because all is in docker network and not exposed Hints: * API user setup only runs once at start up! * Redis conf runs every time +* DONT Remove ICINGA_API_HOST var! + * This var set the hostname for the container. + * The hostname is used for icinga2 master setup If you plan to use satellites and wish full auto deployment. Set ICINGA2_API_USER_SATELLITE_PASS to get a API user for ticket generation (only on fist init). diff --git a/init.sh b/init.sh index 22c1cd0..9d3be9c 100644 --- a/init.sh +++ b/init.sh @@ -5,13 +5,26 @@ ICINGA2_FILE_API_USER_CONF=/etc/icinga2/conf.d/api-users.conf ICINGA2_FILE_ICINGADB_CONF=/etc/icinga2/features-enabled/icingadb.conf ICINGA2_FILE_INFLUXDB_CONF=/etc/icinga2/features-enabled/influxdb.conf +ICINGA2_CONF_DIR='/etc/icinga2/conf.d' +ICINGA2_ZONE_MASTER='/etc/icinga2/zones.d/master' +ICINGA2_GLOBAL_TEMPLATES='/etc/icinga2/zones.d/global-templates' + ## init icinga config files if need if [ -z "$(ls -A /data)" ]; then echo init icinga2 config cp -ax /data-init/* /data rm -rf /data-init + + ## init node as master and global templates + icinga2 node setup --master --disable-confd + mkdir -p $ICINGA2_GLOBAL_TEMPLATES + mkdir -p $ICINGA2_ZONE_MASTER + mv $ICINGA2_CONF_DIR/hosts.conf $ICINGA2_ZONE_MASTER/ + mv $ICINGA2_CONF_DIR/*.conf $ICINGA2_GLOBAL_TEMPLATES/ + mv $ICINGA2_GLOBAL_TEMPLATES/api-users.conf $ICINGA2_CONF_DIR/ fi + ## init api user if [ ! -f "$ICINGA2_FILE_API_CONF" ]; then echo run api setup because no config exists 
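Review bot: None of the commands added to the first-start block in init.sh are checked for failure. If `icinga2 node setup --master --disable-confd` or one of the `mv` calls fails, the script continues, and because `/data` is already populated and `/data-init` removed, the block never runs again, so the container can stay half-configured as a master. I would stop on the first error, e.g. `icinga2 node setup --master --disable-confd || { echo "node setup failed" >&2; exit 1; }`, add `|| exit 1` to the `mkdir`/`mv` lines, and quote the path variables. The wildcard `mv $ICINGA2_CONF_DIR/*.conf $ICINGA2_GLOBAL_TEMPLATES/` also places every remaining conf.d file in a global zone, which Icinga 2 replicates to the child nodes that configure it. Only `api-users.conf` is moved back, so an explicit file list plus a comment such as `# api-users.conf holds API credentials and must stay out of the synced global zone` would keep other credential-bearing files from being distributed by accident.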
@@ -32,6 +45,9 @@ if [ ! -f "$ICINGA2_FILE_API_CONF" ]; then
 echo ' permissions = [ "status/query", "actions/*", "objects/modify/*", "objects/query/*" ]' >> $ICINGA2_FILE_API_USER_CONF
 echo '}' >> $ICINGA2_FILE_API_USER_CONF
 fi
+
+ ## only on inital setup create a pki-ticket api user if env var is set
+ ## permission source: https://icinga.com/docs/icinga-2/latest/doc/06-distributed-monitoring/#csr-auto-signing-on-the-master
 if [ ! -z "$ICINGA2_API_USER_SATELLITE_PASS" ]; then
 echo set inital icingadb api user
 echo 'object ApiUser "pki-ticket" {' >> $ICINGA2_FILE_API_USER_CONF
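Review bot: The new comment promises "only on inital setup", but the only condition visible under it is `[ ! -z "$ICINGA2_API_USER_SATELLITE_PASS" ]`. This view does not show whether the preceding `fi` has already closed the first-start check, and the block continues past the hunk. If it has, the `>>` appends would add another `ApiUser "pki-ticket"` object to api-users.conf on every restart while the variable is set, which would likely fail config validation. I would name the enclosing condition in the comment, e.g. `## runs inside the first-start api setup above; needs ICINGA2_API_USER_SATELLITE_PASS`, or guard the block explicitly so it cannot append twice. The message `echo set inital icingadb api user` also names the wrong user for this block and makes the startup log harder to audit.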