diff --git a/config.cfg b/config.cfg index ddf80f51e..f54a6107f 100644 --- a/config.cfg +++ b/config.cfg @@ -1,5 +1,15 @@ --- +# ============================================ +# TROUBLESHOOTING DEPLOYMENT ISSUES +# ============================================ +# If your deployment fails with hidden/censored output, temporarily set +# algo_no_log to 'false' below. This will show detailed error messages +# including API responses. +# IMPORTANT: Set back to 'true' before sharing logs or screenshots! +# ============================================ +algo_no_log: true # Set to 'false' for debugging (shows sensitive data in output) + # This is the list of users to generate. # Every device must have a unique user. # You can add up to 65,534 new users over the lifetime of an AlgoVPN. @@ -103,9 +113,6 @@ wireguard_PersistentKeepalive: 0 local_service_ip: "{{ '172.16.0.1' | ansible.utils.ipmath(1048573 | random(seed=algo_server_name + ansible_fqdn)) }}" local_service_ipv6: "{{ 'fd00::1' | ansible.utils.ipmath(1048573 | random(seed=algo_server_name + ansible_fqdn)) }}" -# Hide sensitive data in Ansible output during deployment (passwords, keys, etc.) -# This is NOT related to privacy/logging on the VPN server itself -algo_no_log: true congrats: common: | diff --git a/roles/cloud-digitalocean/tasks/prompts.yml b/roles/cloud-digitalocean/tasks/prompts.yml index f8f8e28dc..786e554a1 100644 --- a/roles/cloud-digitalocean/tasks/prompts.yml +++ b/roles/cloud-digitalocean/tasks/prompts.yml 
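Review bot: The new header block in config.cfg tells users to switch `algo_no_log` off but no longer says what the setting covers. The two comment lines deleted in the second config.cfg hunk were the only description: they named passwords and keys, and stated that the setting is unrelated to logging on the VPN server. The inline comment now says only "sensitive data". I would keep one line above the setting, for example `# Masks secrets (API tokens, passwords, keys) in Ansible output only; unrelated to logging on the VPN server itself.` It would also help to say that output captured while the value is false, such as terminal scrollback or saved logs, should be treated as containing those secrets.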
@@ -23,7 +23,60 @@ Content-Type: application/json Authorization: Bearer {{ algo_do_token }} register: _do_regions - no_log: true + no_log: "{{ algo_no_log | default(true) }}" + failed_when: false + +- name: Check DigitalOcean API response + fail: + msg: | + {% if _do_regions.status == 401 %} + DigitalOcean API authentication failed (401 Unauthorized) + + Your API token is invalid or expired. Please: + 1. Go to https://cloud.digitalocean.com/settings/api/tokens + 2. Create a new token with 'Read' and 'Write' scopes + 3. Run the deployment again with the new token + + {% elif _do_regions.status == 403 %} + DigitalOcean API access denied (403 Forbidden) + + Your API token lacks required permissions. Please: + 1. Go to https://cloud.digitalocean.com/settings/api/tokens + 2. Ensure your token has both 'Read' and 'Write' scopes + 3. Consider creating a new token with full access + + {% elif _do_regions.status == 429 %} + DigitalOcean API rate limit exceeded (429 Too Many Requests) + + You've hit the API rate limit. Please: + 1. Wait 5-10 minutes before retrying + 2. Check if other applications are using your token + + {% elif _do_regions.status == 500 or _do_regions.status == 502 or _do_regions.status == 503 %} + DigitalOcean API server error ({{ _do_regions.status }}) + + DigitalOcean is experiencing issues. Please: + 1. Check https://status.digitalocean.com for outages + 2. Wait a few minutes and try again + + {% elif _do_regions.status is undefined %} + Failed to connect to DigitalOcean API + + Could not reach api.digitalocean.com. Please check: + 1. Your internet connection + 2. Firewall rules (port 443 must be open) + 3. DNS resolution for api.digitalocean.com + + {% else %} + DigitalOcean API error (HTTP {{ _do_regions.status }}) + + An unexpected error occurred. Please: + 1. Verify your API token at https://cloud.digitalocean.com/settings/api/tokens + 2. 
Check https://status.digitalocean.com for service issues + {% endif %} + + For detailed error messages: Set 'algo_no_log: false' in config.cfg and run again + when: _do_regions.status != 200 - name: Set facts about the regions set_fact:
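Review bot: Making `no_log` user-switchable on this request unmasks the one task that carries `Authorization: Bearer {{ algo_do_token }}`, so with `algo_no_log: false` the token can end up in verbose task output alongside the API response. The diagnostics are available without that: keep `no_log: true` on the request (its registered result is still usable by the following task) and add a field that does not echo the request to the fail message, e.g. `Details: {{ _do_regions.msg | default('n/a') }}`. Separately, the `is undefined` branch sits after the `== 401` comparisons and `when: _do_regions.status != 200` has no default, so a result without `status` would most likely raise a templating error instead of printing the connection help. Testing `is undefined` first and using `when: (_do_regions.status | default(0)) != 200` avoids that. The request task itself begins above the hunk.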