chore: update VPN routing configuration and add Grafana VPN documentation

2025-11-02 18:10:04 +01:00
parent 2dd8468d70
commit 7b7f0b41d2
41 changed files with 3727 additions and 11 deletions
--- a/deployment/ansible/playbooks/monitor-grafana-client-ip.yml
+++ b/deployment/ansible/playbooks/monitor-grafana-client-ip.yml
@@ -0,0 +1,75 @@
+---
+- name: Monitor Grafana Client IP - Wait for Next Request
+  hosts: production
+  gather_facts: no
+  become: no
+
+  tasks:
+    - name: Instructions
+      debug:
+        msg:
+          - "=== LIVE MONITORING ==="
+          - "Bitte mache JETZT einen Zugriff auf https://grafana.michaelschiemer.de im Browser"
+          - "Ich warte 30 Sekunden und pr?fe dann die Logs..."
+          - ""
+
+    - name: Wait for access attempt
+      pause:
+        seconds: 30
+
+    - name: Check recent Grafana access attempts
+      shell: |
+        cd ~/deployment/stacks/traefik
+        echo "=== Last 10 Grafana Access Attempts ==="
+        tail -100 logs/access.log | grep -i grafana | tail -10
+      args:
+        executable: /bin/bash
+      register: recent_access
+      ignore_errors: yes
+      failed_when: false
+
+    - name: Extract client IPs
+      shell: |
+        cd ~/deployment/stacks/traefik
+        echo "=== Client IPs in recent requests ==="
+        tail -20 logs/access.log | grep -i grafana | tail -10 | grep -oP '"ClientHost":"[^"]*"' | sed 's/"ClientHost":"//;s/"//' | sort -u
+      args:
+        executable: /bin/bash
+      register: client_ips
+      ignore_errors: yes
+      failed_when: false
+
+    - name: Display client IPs
+      debug:
+        msg: "{{ client_ips.stdout_lines }}"
+
+    - name: Check if IP is VPN IP
+      shell: |
+        cd ~/deployment/stacks/traefik
+        tail -10 logs/access.log | grep -i grafana | tail -5 | grep -oP '"ClientHost":"[^"]*"' | sed 's/"ClientHost":"//;s/"//' | while read ip; do
+          if [[ "$ip" =~ ^10\.8\.0\.[0-9]+$ ]]; then
+            echo "? $ip -> VPN IP (10.8.0.0/24) - Traffic kommt ?ber VPN!"
+          else
+            echo "? $ip -> Public IP (nicht VPN) - Traffic kommt NICHT ?ber VPN"
+          fi
+        done
+      args:
+        executable: /bin/bash
+      register: vpn_check
+      ignore_errors: yes
+      failed_when: false
+
+    - name: Display VPN check
+      debug:
+        msg: "{{ vpn_check.stdout_lines }}"
+
+    - name: Recommendations
+      debug:
+        msg:
+          - ""
+          - "=== ERGEBNIS ==="
+          - "Wenn ClientHost: 10.8.0.7 (VPN-IP) ? Traffic kommt ?ber VPN ?"
+          - "Dann k?nnen wir die tempor?re IP-Erlaubnis entfernen!"
+          - ""
+          - "Wenn ClientHost: 89.246.96.244 (?ffentliche IP) ? Traffic kommt NICHT ?ber VPN ?"
+          - "Dann m?ssen wir VPN-Routing noch weiter fixen"