chore: update VPN routing configuration and add Grafana VPN documentation

2025-11-02 18:10:04 +01:00
parent 2dd8468d70
commit 7b7f0b41d2
41 changed files with 3727 additions and 11 deletions
--- a/deployment/ansible/playbooks/check-latest-grafana-access.yml
+++ b/deployment/ansible/playbooks/check-latest-grafana-access.yml
@@ -0,0 +1,55 @@
+---
+- name: Check Latest Grafana Access - Client IP Analysis
+  hosts: production
+  gather_facts: no
+  become: no
+
+  tasks:
+    - name: Get latest Grafana access logs
+      shell: |
+        cd ~/deployment/stacks/traefik
+        echo "=== Latest 5 Grafana Access Logs ==="
+        tail -100 logs/access.log | grep -i grafana | tail -5
+      args:
+        executable: /bin/bash
+      register: latest_logs
+      ignore_errors: yes
+      failed_when: false
+
+    - name: Extract client IPs from latest logs
+      shell: |
+        cd ~/deployment/stacks/traefik
+        tail -50 logs/access.log | grep -i grafana | tail -10 | grep -oP '"ClientHost":"[^"]*"' | sed 's/"ClientHost":"//;s/"//' | sort -u
+      args:
+        executable: /bin/bash
+      register: client_ips
+      ignore_errors: yes
+      failed_when: false
+
+    - name: Display latest logs
+      debug:
+        msg: "{{ latest_logs.stdout_lines }}"
+
+    - name: Display client IPs
+      debug:
+        msg: "{{ client_ips.stdout_lines }}"
+
+    - name: Analyze if traffic comes from VPN
+      shell: |
+        cd ~/deployment/stacks/traefik
+        if tail -20 logs/access.log | grep -i grafana | tail -5 | grep -oP '"ClientHost":"[^"]*"' | grep -q "10.8.0"; then
+          echo "? Traffic kommt ?ber VPN! (ClientHost: 10.8.0.x)"
+        elif tail -20 logs/access.log | grep -i grafana | tail -5 | grep -oP '"ClientHost":"[^"]*"' | grep -q "89.246.96.244"; then
+          echo "? Traffic kommt NICHT ?ber VPN (ClientHost: 89.246.96.244 - ?ffentliche IP)"
+        else
+          echo "?? Keine aktuellen Grafana-Logs gefunden. Bitte mache einen Zugriff auf https://grafana.michaelschiemer.de"
+        fi
+      args:
+        executable: /bin/bash
+      register: analysis
+      ignore_errors: yes
+      failed_when: false
+
+    - name: Display analysis
+      debug:
+        msg: "{{ analysis.stdout_lines }}"