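---
# Read-only diagnostics for the "Grafana is only reachable through the VPN"
# routing problem. Each task inspects one layer (WireGuard, routing, Traefik
# access log, DNS, firewall, Traefik/CoreDNS config, end-to-end HTTP) and prints
# the result with a debug task; nothing on the host is modified.
#
# Every check is best-effort: `failed_when: false` keeps a missing tool or file
# from aborting the run (the message lands in the printed output instead), and
# `changed_when: false` stops read-only commands from being reported as changes.
#
# Output handling: the debug tasks print WireGuard peer public keys and
# endpoints, the AllowedIPs lines of wg0.conf, the CoreDNS Corefile and the
# Traefik middleware config into the Ansible log. Treat that log as sensitive
# (do not paste it into public issue trackers). The WireGuard PrivateKey is
# deliberately never read or printed.
#
# Privilege: root is required for `wg show`, the firewall queries and reading
# /etc/wireguard/wg0.conf, so the whole play escalates. Under `become_user: root`
# a bare `~` resolves to root's home directory; `deploy_root` therefore keeps the
# original `~/deployment` default but is a variable so it can be overridden with
# `-e deploy_root=/home/<user>/deployment` if the stacks live elsewhere —
# TODO confirm on the target host.
- name: Diagnose VPN Routing Problem für Grafana
  hosts: production
  gather_facts: true
  become: true
  become_user: root
  vars:
    # Left unquoted in the shell snippets on purpose so bash expands the tilde.
    deploy_root: "~/deployment"
    grafana_host: "grafana.michaelschiemer.de"
    vpn_gateway: "10.8.0.1"
    vpn_network: "10.8.0.0/24"
    # Prefix used to grep the routing table for anything touching the VPN net.
    vpn_net_prefix: "10.8.0"
    wireguard_port: "51820"
    wireguard_conf: "/etc/wireguard/wg0.conf"
    public_resolver: "8.8.8.8"

  tasks:
    - name: Check WireGuard interface status
      shell: |
        echo "=== WireGuard Interface Status ==="
        ip addr show wg0 2>&1 || echo "WireGuard interface not found"
        echo ""
        echo "=== WireGuard Peers ==="
        # wg show prints peer public keys, endpoints and handshake ages (no private keys)
        wg show 2>&1 || echo "WireGuard not running"
      args:
        executable: /bin/bash
      register: wg_status
      changed_when: false
      failed_when: false

    - name: Display WireGuard status
      debug:
        msg: "{{ wg_status.stdout_lines }}"

    - name: Check routing table for VPN network
      shell: |
        echo "=== Routing Table for {{ vpn_network }} ==="
        ip route show | grep "{{ vpn_net_prefix }}" || echo "No routes found for {{ vpn_network }}"
        echo ""
        echo "=== Default Route ==="
        ip route show default || echo "No default route"
      args:
        executable: /bin/bash
      register: routing_info
      changed_when: false
      failed_when: false

    - name: Display routing information
      debug:
        msg: "{{ routing_info.stdout_lines }}"

    - name: Check Traefik access logs for recent Grafana requests
      shell: |
        cd {{ deploy_root }}/stacks/traefik
        echo "=== Recent Grafana Access (Last 10 requests) ==="
        # Prefer the parsed JSON view; fall back to the raw lines when jq is missing
        # or the log is not JSON. ClientAddr vs ClientHost is the interesting pair:
        # it shows whether Traefik sees the VPN address or a forwarded one.
        tail -50 logs/access.log | grep grafana | tail -10 \
          | jq -r '[.ClientAddr, .ClientHost, .RequestHost, .DownstreamStatus] | @tsv' 2>&1 \
          || tail -50 logs/access.log | grep grafana | tail -10
      args:
        executable: /bin/bash
      register: traefik_access
      changed_when: false
      failed_when: false

    - name: Display Traefik access logs
      debug:
        msg: "{{ traefik_access.stdout_lines }}"

    - name: Test DNS resolution from server
      shell: |
        # dig exits 0 on NXDOMAIN and on an empty answer, so `dig || echo Failed`
        # would report those as success. Print the answer, flag an empty one, and
        # reserve "Failed" for an actual query error (timeout, unreachable server).
        resolve() {
          local answer
          if answer=$(dig +short "$@" 2>&1); then
            if [ -n "$answer" ]; then
              echo "$answer"
            else
              echo "No answer (NXDOMAIN or empty)"
            fi
          else
            echo "Failed: $answer"
          fi
        }
        echo "=== DNS Resolution Tests ==="
        echo "1. Grafana via VPN DNS ({{ vpn_gateway }}):"
        resolve {{ grafana_host }} @{{ vpn_gateway }}
        echo ""
        # The public-resolver query leaks only the hostname; it is here to show the
        # split-horizon difference between the VPN DNS and the public answer.
        echo "2. Grafana via public DNS ({{ public_resolver }}):"
        resolve {{ grafana_host }} @{{ public_resolver }}
        echo ""
        echo "3. Grafana via system DNS:"
        resolve {{ grafana_host }}
      args:
        executable: /bin/bash
      register: dns_tests
      changed_when: false
      failed_when: false

    - name: Display DNS test results
      debug:
        msg: "{{ dns_tests.stdout_lines }}"

    - name: Check firewall rules for WireGuard
      shell: |
        echo "=== Firewall Rules for WireGuard (port {{ wireguard_port }}) ==="
        # The play already runs as root, so no sudo (and no dependency on the sudo binary)
        ufw status | grep {{ wireguard_port }} \
          || iptables -L -n | grep {{ wireguard_port }} \
          || echo "No firewall rules found"
        echo ""
        echo "=== Allowed IPs in WireGuard Config ==="
        # Only the AllowedIPs lines are read; the file also holds the PrivateKey,
        # which must never be echoed into the Ansible log.
        grep -E "AllowedIPs" {{ wireguard_conf }} 2>&1 || echo "WireGuard config not found"
      args:
        executable: /bin/bash
      register: firewall_info
      changed_when: false
      failed_when: false

    - name: Display firewall information
      debug:
        msg: "{{ firewall_info.stdout_lines }}"

    - name: Check Traefik forwardedHeaders configuration
      shell: |
        cd {{ deploy_root }}/stacks/traefik
        echo "=== Traefik forwardedHeaders Config ==="
        # Determines which proxies Traefik trusts for X-Forwarded-For; a too-wide
        # trustedIPs list lets a client spoof the VPN source address seen by ipWhiteList.
        grep -A 10 "forwardedHeaders:" traefik.yml || echo "Not found"
      args:
        executable: /bin/bash
      register: forwarded_headers
      changed_when: false
      failed_when: false

    - name: Display forwardedHeaders configuration
      debug:
        msg: "{{ forwarded_headers.stdout_lines }}"

    - name: Check Grafana middleware configuration
      shell: |
        cd {{ deploy_root }}/stacks/traefik/dynamic
        echo "=== Grafana VPN Only Middleware ==="
        grep -A 6 "grafana-vpn-only:" middlewares.yml || echo "Not found"
      args:
        executable: /bin/bash
      register: grafana_middleware
      changed_when: false
      failed_when: false

    - name: Display Grafana middleware configuration
      debug:
        msg: "{{ grafana_middleware.stdout_lines }}"

    - name: Check CoreDNS configuration
      shell: |
        cd {{ deploy_root }}/stacks/dns
        echo "=== CoreDNS Corefile ==="
        cat Corefile 2>&1 || echo "Not found"
      args:
        executable: /bin/bash
      register: coredns_config
      changed_when: false
      failed_when: false

    - name: Display CoreDNS configuration
      debug:
        msg: "{{ coredns_config.stdout_lines }}"

    - name: Test connection to Grafana from server via VPN IP
      shell: |
        echo "=== Test Connection to Grafana via VPN IP ({{ vpn_gateway }}) ==="
        # --resolve pins the hostname to the VPN gateway address while still sending
        # the correct SNI and Host header, so Traefik sees exactly what a VPN client's
        # browser sends (a bare https://IP with a Host header sends no matching SNI).
        # -k skips certificate verification because this is a routing check, not a
        # TLS check; do not copy that flag into health checks or monitoring.
        curl -k -s -o /dev/null -w "HTTP %{http_code}\n" \
          -H "User-Agent: Mozilla/5.0" \
          --resolve "{{ grafana_host }}:443:{{ vpn_gateway }}" \
          "https://{{ grafana_host }}/" 2>&1 || echo "Connection failed"
        echo ""
        echo "=== Test Connection via Domain ==="
        curl -k -s -o /dev/null -w "HTTP %{http_code}\n" \
          -H "User-Agent: Mozilla/5.0" \
          "https://{{ grafana_host }}/" 2>&1 || echo "Connection failed"
      args:
        executable: /bin/bash
      register: connection_tests
      changed_when: false
      failed_when: false

    - name: Display connection test results
      debug:
        msg: "{{ connection_tests.stdout_lines }}"

    - name: Monitor Traefik access logs in real-time (for next request)
      shell: |
        echo "=== Instructions ==="
        echo "1. Connect to VPN with your WireGuard client"
        echo "2. Ensure DNS is set to {{ vpn_gateway }} in WireGuard config"
        echo "3. Access https://{{ grafana_host }} in your browser"
        echo "4. Check the ClientAddr in the access logs below"
        echo ""
        echo "=== Last Grafana Access Attempt ==="
        # Last line of the access log regardless of route; re-run the play after
        # making a request from the VPN client to see its ClientAddr.
        tail -1 {{ deploy_root }}/stacks/traefik/logs/access.log 2>&1 \
          | jq -r '[.ClientAddr, .ClientHost, .DownstreamStatus] | @tsv' \
          || tail -1 {{ deploy_root }}/stacks/traefik/logs/access.log
      args:
        executable: /bin/bash
      register: monitoring_info
      changed_when: false
      failed_when: false

    - name: Display monitoring instructions
      debug:
        msg: "{{ monitoring_info.stdout_lines }}"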