michaelschiemer/deployment/ansible/playbooks/check-after-grafana-access.yml

---
- name: Check Traefik Logs After Grafana Access
  hosts: production
  gather_facts: no
  become: no

  tasks:
    - name: Instructions
      debug:
        msg:
          - "=== ANWEISUNG ==="
          - "Bitte mache JETZT einen Zugriff auf https://grafana.michaelschiemer.de im Browser"
          - "Dann pr?fe ich die Logs und sage dir, ob Traffic ?ber VPN kommt"
          - ""

    - name: Wait for access
      pause:
        seconds: 15

    - name: Get last 20 Grafana requests
      shell: |
        cd ~/deployment/stacks/traefik
        tail -500 logs/access.log | grep -i grafana | tail -20
      args:
        executable: /bin/bash
      register: recent_grafana_logs
      ignore_errors: yes
      failed_when: false

    - name: Extract and display client IPs with timestamps
      shell: |
        cd ~/deployment/stacks/traefik
        tail -100 logs/access.log | grep -i grafana | tail -10 | while IFS= read -r line; do
          time=$(echo "$line" | grep -oP '"time":"[^"]*"' | sed 's/"time":"//;s/"//' | cut -d'T' -f2 | cut -d'+' -f1)
          client=$(echo "$line" | grep -oP '"ClientHost":"[^"]*"' | sed 's/"ClientHost":"//;s/"//')
          status=$(echo "$line" | grep -oP '"DownstreamStatus":[0-9]+' | sed 's/"DownstreamStatus"://')
          if [[ "$client" =~ ^10\.8\.0\.[0-9]+$ ]]; then
            echo "$time | ClientHost: $client | Status: $status ? VPN-IP (Traffic kommt ?ber VPN!)"
          elif [[ "$client" == "89.246.96.244" ]]; then
            echo "$time | ClientHost: $client | Status: $status ? ?ffentliche IP (Traffic kommt NICHT ?ber VPN)"
          else
            echo "$time | ClientHost: $client | Status: $status ? Unbekannte IP"
          fi
        done
      args:
        executable: /bin/bash
      register: analysis_result
      ignore_errors: yes
      failed_when: false

    - name: Display analysis
      debug:
        msg: "{{ analysis_result.stdout_lines }}"

    - name: Get unique client IPs from last 10 requests
      shell: |
        cd ~/deployment/stacks/traefik
        tail -100 logs/access.log | grep -i grafana | tail -10 | grep -oP '"ClientHost":"[^"]*"' | sed 's/"ClientHost":"//;s/"//' | sort -u
      args:
        executable: /bin/bash
      register: unique_ips
      ignore_errors: yes
      failed_when: false

    - name: Display unique IPs
      debug:
        msg: "{{ unique_ips.stdout_lines }}"

    - name: Final verdict
      debug:
        msg:
          - ""
          - "=== ERGEBNIS ==="
          - "Pr?fe die obigen Zeilen:"
          - "- ? Wenn ClientHost: 10.8.0.7 ? Traffic kommt ?ber VPN!"
          - "- ? Wenn ClientHost: 89.246.96.244 ? Traffic kommt NICHT ?ber VPN"
          - ""
          - "N?chster Schritt: Wenn VPN funktioniert, entfernen wir die tempor?re IP-Erlaubnis!"