Fix DigitalOcean API error handling and improve debugging (fixes #14829) (#14830)

* Fix DigitalOcean API error handling and debugging (fixes #14829) - Replace hardcoded no_log with configurable algo_no_log variable - Add comprehensive error checking with specific guidance for each HTTP status code - Provide actionable troubleshooting steps without exposing sensitive data - Add troubleshooting section to config.cfg for better discoverability - Enable debugging by setting algo_no_log: false when needed This fix addresses issue #14829 where users couldn't debug DigitalOcean API failures due to hidden error messages from no_log: true directive. * Clean up config.cfg - consolidate algo_no_log setting - Move algo_no_log setting to top troubleshooting section - Remove duplicate setting from line 117 - Keep the prominent warning about debugging at the top where users will see it - Cleaner, single source of truth for the setting
2025-09-16 00:43:24 +02:00 · 2025-09-15 10:20:31 -04:00 · 2025-09-15 10:20:31 -04:00 · ac9d7b0e2c
commit ac9d7b0e2c
parent cddb5df395
2 changed files with 64 additions and 4 deletions
--- a/config.cfg
+++ b/config.cfg
@ -1,5 +1,15 @@
 ---

+# ============================================
+# TROUBLESHOOTING DEPLOYMENT ISSUES
+# ============================================
+# If your deployment fails with hidden/censored output, temporarily set
+# algo_no_log to 'false' below. This will show detailed error messages
+# including API responses.
+# IMPORTANT: Set back to 'true' before sharing logs or screenshots!
+# ============================================
+algo_no_log: true  # Set to 'false' for debugging (shows sensitive data in output)
+
 # This is the list of users to generate.
 # Every device must have a unique user.
 # You can add up to 65,534 new users over the lifetime of an AlgoVPN.
@ -103,9 +113,6 @@ wireguard_PersistentKeepalive: 0
 local_service_ip: "{{ '172.16.0.1' | ansible.utils.ipmath(1048573 | random(seed=algo_server_name + ansible_fqdn)) }}"
 local_service_ipv6: "{{ 'fd00::1' | ansible.utils.ipmath(1048573 | random(seed=algo_server_name + ansible_fqdn)) }}"

-# Hide sensitive data in Ansible output during deployment (passwords, keys, etc.)
-# This is NOT related to privacy/logging on the VPN server itself
-algo_no_log: true

 congrats:
  common: |
--- a/roles/cloud-digitalocean/tasks/prompts.yml
+++ b/roles/cloud-digitalocean/tasks/prompts.yml
@ -23,7 +23,60 @@
      Content-Type: application/json
      Authorization: Bearer {{ algo_do_token }}
  register: _do_regions
-  no_log: true
+  no_log: "{{ algo_no_log | default(true) }}"
+  failed_when: false
+
+- name: Check DigitalOcean API response
+  fail:
+    msg: |
+      {% if _do_regions.status == 401 %}
+      DigitalOcean API authentication failed (401 Unauthorized)
+
+      Your API token is invalid or expired. Please:
+      1. Go to https://cloud.digitalocean.com/settings/api/tokens
+      2. Create a new token with 'Read' and 'Write' scopes
+      3. Run the deployment again with the new token
+
+      {% elif _do_regions.status == 403 %}
+      DigitalOcean API access denied (403 Forbidden)
+
+      Your API token lacks required permissions. Please:
+      1. Go to https://cloud.digitalocean.com/settings/api/tokens
+      2. Ensure your token has both 'Read' and 'Write' scopes
+      3. Consider creating a new token with full access
+
+      {% elif _do_regions.status == 429 %}
+      DigitalOcean API rate limit exceeded (429 Too Many Requests)
+
+      You've hit the API rate limit. Please:
+      1. Wait 5-10 minutes before retrying
+      2. Check if other applications are using your token
+
+      {% elif _do_regions.status == 500 or _do_regions.status == 502 or _do_regions.status == 503 %}
+      DigitalOcean API server error ({{ _do_regions.status }})
+
+      DigitalOcean is experiencing issues. Please:
+      1. Check https://status.digitalocean.com for outages
+      2. Wait a few minutes and try again
+
+      {% elif _do_regions.status is undefined %}
+      Failed to connect to DigitalOcean API
+
+      Could not reach api.digitalocean.com. Please check:
+      1. Your internet connection
+      2. Firewall rules (port 443 must be open)
+      3. DNS resolution for api.digitalocean.com
+
+      {% else %}
+      DigitalOcean API error (HTTP {{ _do_regions.status }})
+
+      An unexpected error occurred. Please:
+      1. Verify your API token at https://cloud.digitalocean.com/settings/api/tokens
+      2. Check https://status.digitalocean.com for service issues
+      {% endif %}
+
+      For detailed error messages: Set 'algo_no_log: false' in config.cfg and run again
+  when: _do_regions.status != 200

 - name: Set facts about the regions
  set_fact: