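---
# Diagnostic play: waits for the operator to open Grafana in a browser, then
# reads the Traefik access log to see which client IP the request arrived
# from, and classifies that IP as VPN (10.8.0.0/24) or public.
#
# The result is used to decide whether a temporary IP allowance can be
# removed, so read it conservatively:
#   - Empty output from the extraction tasks means "no Grafana request was
#     found in the inspected window", not "traffic is on the VPN".
#   - NOTE(review): the three shell tasks inspect different windows of the
#     log (last 100, 20 and 10 lines). On a busy proxy they can disagree or
#     miss the test request entirely - confirm the windows are intended.
#   - NOTE(review): this assumes the ClientHost field in the access log is
#     the real peer address. If a proxy sits in front of Traefik, verify
#     that before relaxing any access rule based on this output.
#
# User-facing messages are kept in German. The umlauts, which had been
# replaced by '?' through a mis-encoding, are restored. The remaining '?'
# characters stand for symbols (status markers / arrows) whose original
# glyphs cannot be recovered from this copy - restore them from the
# original file.
- name: Monitor Grafana Client IP - Wait for Next Request
  hosts: production
  gather_facts: false
  become: false

  tasks:
    - name: Instructions
      debug:
        msg:
          - "=== LIVE MONITORING ==="
          - "Bitte mache JETZT einen Zugriff auf https://grafana.michaelschiemer.de im Browser"
          - "Ich warte 30 Sekunden und prüfe dann die Logs..."
          - ""

    # Gives the operator time to issue the test request.
    - name: Wait for access attempt
      pause:
        seconds: 30

    # Read-only log inspection: changed_when is false so the task does not
    # report a change on every run. failed_when: false keeps the play going
    # when the log is missing or holds no match (ignore_errors was
    # redundant next to it and has been dropped).
    - name: Check recent Grafana access attempts
      shell: |
        cd ~/deployment/stacks/traefik
        echo "=== Last 10 Grafana Access Attempts ==="
        tail -100 logs/access.log | grep -i grafana | tail -10
      args:
        executable: /bin/bash
      register: recent_access
      changed_when: false
      failed_when: false

    # Pulls the ClientHost value out of the JSON access-log entries and
    # de-duplicates it. grep -P needs a grep built with PCRE support.
    - name: Extract client IPs
      shell: |
        cd ~/deployment/stacks/traefik
        echo "=== Client IPs in recent requests ==="
        tail -20 logs/access.log |
          grep -i grafana |
          tail -10 |
          grep -oP '"ClientHost":"[^"]*"' |
          sed 's/"ClientHost":"//;s/"//' |
          sort -u
      args:
        executable: /bin/bash
      register: client_ips
      changed_when: false
      failed_when: false

    - name: Display client IPs
      debug:
        msg: "{{ client_ips.stdout_lines }}"

    # Classifies each extracted address: anything matching 10.8.0.<n> is
    # reported as VPN, everything else as public. No output at all means no
    # Grafana entry was found in the last 10 log lines.
    - name: Check if IP is VPN IP
      shell: |
        cd ~/deployment/stacks/traefik
        tail -10 logs/access.log |
          grep -i grafana |
          tail -5 |
          grep -oP '"ClientHost":"[^"]*"' |
          sed 's/"ClientHost":"//;s/"//' |
          while read -r ip; do
            if [[ "$ip" =~ ^10\.8\.0\.[0-9]+$ ]]; then
              echo "? $ip -> VPN IP (10.8.0.0/24) - Traffic kommt über VPN!"
            else
              echo "? $ip -> Public IP (nicht VPN) - Traffic kommt NICHT über VPN"
            fi
          done
      args:
        executable: /bin/bash
      register: vpn_check
      changed_when: false
      failed_when: false

    - name: Display VPN check
      debug:
        msg: "{{ vpn_check.stdout_lines }}"

    # Static guidance on how to read the result. The two addresses are
    # examples hard-coded by the author, not values read from the log.
    - name: Recommendations
      debug:
        msg:
          - ""
          - "=== ERGEBNIS ==="
          - "Wenn ClientHost: 10.8.0.7 (VPN-IP) ? Traffic kommt über VPN ?"
          - "Dann können wir die temporäre IP-Erlaubnis entfernen!"
          - ""
          - "Wenn ClientHost: 89.246.96.244 (öffentliche IP) ? Traffic kommt NICHT über VPN ?"
          - "Dann müssen wir VPN-Routing noch weiter fixen"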