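---
# Read-only diagnostic play: after the operator makes a test request, it prints
# the recent Grafana-related Traefik access-log entries, the client addresses
# Traefik recorded for them, whether those fall in the VPN range, and the
# configured `grafana-vpn-only` middleware.
#
# Notes for whoever reads the output:
# - `grep -i grafana` matches the word anywhere in a log line, including
#   client-supplied fields (path, user agent, referer). Entries shown here are
#   therefore not guaranteed to be requests to the Grafana router; cross-check
#   the host/router fields of a line before drawing conclusions.
# - `ClientHost` is the peer address as Traefik saw it. If Traefik sits behind
#   NAT or another proxy, that is the intermediary's address, not the VPN
#   client's - presumably the situation this play is meant to expose.
# - The output contains client IP addresses; handle saved run logs accordingly.
- name: Live Monitor Grafana Access - Watch Traefik Logs in Real-Time
  hosts: production
  gather_facts: false
  become: false

  tasks:
    # Despite the task name nothing is cleared: this only tells the operator to
    # make a request and waits. `pause` is used because output echoed inside a
    # `shell` task is captured in the result and not shown at default verbosity.
    - name: Clear previous Grafana access attempts count
      pause:
        seconds: 10
        prompt: >-
          Starting live monitoring. Make a request to
          https://grafana.michaelschiemer.de now!
          Waiting 10 seconds for you to make a request...

    # All shell tasks below only read logs/config, so they report `ok` rather
    # than `changed`. `failed_when: false` keeps the diagnostic run going when a
    # grep finds nothing (exit 1); it already covers what `ignore_errors` did.
    # `cd ... || exit 1` stops a task from reading files relative to the wrong
    # directory if the stack path is missing.
    - name: Show recent Grafana access attempts
      shell: |
        cd ~/deployment/stacks/traefik || exit 1
        echo "=== Last 5 Grafana Access Attempts ==="
        tail -100 logs/access.log | grep -i grafana | tail -5
      args:
        executable: /bin/bash
      register: recent_access
      changed_when: false
      failed_when: false

    - name: Display recent access attempts
      debug:
        msg: "{{ recent_access.stdout_lines }}"

    - name: Check current client IP pattern
      shell: |
        cd ~/deployment/stacks/traefik || exit 1
        echo "=== Client IPs in recent Grafana requests ==="
        tail -50 logs/access.log | grep -i grafana | tail -10 |
          grep -oP '"ClientHost":"[^"]*"' | head -5
      args:
        executable: /bin/bash
      register: client_ips
      changed_when: false
      failed_when: false

    - name: Display client IPs
      debug:
        msg: "{{ client_ips.stdout_lines }}"

    # The regex is a display aid for 10.8.0.0/24 only; access is enforced by the
    # Traefik middleware, not by this check.
    - name: Extract and check client IPs
      shell: |
        cd ~/deployment/stacks/traefik || exit 1
        echo "=== Checking if client IPs are in VPN range (10.8.0.0/24) ==="
        tail -20 logs/access.log | grep -i grafana | tail -3 |
          grep -oP '"ClientHost":"[^"]*"' |
          sed 's/"ClientHost":"//;s/"//' |
          while IFS= read -r ip; do
            if [[ "$ip" =~ ^10\.8\.0\.[0-9]+$ ]]; then
              echo "$ip -> In VPN range (10.8.0.0/24): YES"
            else
              echo "$ip -> In VPN range (10.8.0.0/24): NO (this is the problem!)"
            fi
          done
      args:
        executable: /bin/bash
      register: vpn_check
      changed_when: false
      failed_when: false

    - name: Display VPN range check
      debug:
        msg: "{{ vpn_check.stdout_lines }}"

    # The original `... | tail -10 || echo "No middleware errors found"` never
    # printed the fallback: without pipefail the pipeline's status is that of
    # the final `tail`, which succeeds even on empty input. Capture the matches
    # and test for emptiness instead.
    - name: Show Traefik middleware errors
      shell: |
        cd ~/deployment/stacks/traefik || exit 1
        echo "=== Traefik Middleware Errors (if any) ==="
        matches=$(tail -50 logs/traefik.log |
          grep -iE "(grafana|ipallowlist|403|middleware)" | tail -10)
        if [[ -n "$matches" ]]; then
          echo "$matches"
        else
          echo "No middleware errors found"
        fi
      args:
        executable: /bin/bash
      register: middleware_errors
      changed_when: false
      failed_when: false

    - name: Display middleware errors
      debug:
        msg: "{{ middleware_errors.stdout_lines }}"

    - name: Verify middleware configuration
      shell: |
        cd ~/deployment/stacks/traefik/dynamic || exit 1
        echo "=== Current grafana-vpn-only Middleware ==="
        grep -A 6 "grafana-vpn-only:" middlewares.yml
      args:
        executable: /bin/bash
      register: middleware_config
      changed_when: false
      failed_when: false

    # `debug` takes a mapping; the original `debug: |` turned the arguments into
    # a literal string, so `msg` was never passed as a parameter.
    - name: Display middleware configuration
      debug:
        msg: "{{ middleware_config.stdout_lines }}"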