What Should I Check First for `Permission denied`?

First separate control-host local permissions from target-host SSH or sudo permissions.

The three most common cases are:

1. dbbotctl env setup fails because it cannot write ~/.bashrc, /usr/bin/sshpass, or another local path.
2. Ansible cannot log in to the target host and reports Permission denied (publickey,password).
3. Login works, but the target-side user still cannot write the datadir, install packages, or manage systemd services.

Recommended check order:

1. Test SSH directly from the control host:

ssh <user>@<target_ip>

If this already fails, fix the SSH account, password, key, or known_hosts trust first.

2. Then verify the inventory fields:

• ansible_user
• ansible_ssh_pass
• whether become is required

3. If local bootstrap is failing, confirm the current user can:

• modify that user’s shell rc file
• write /usr/bin/sshpass on Linux when needed
• install python3, SELinux Python bindings, and other prerequisites

4. If target-side directory permissions are the problem, verify whether the target host should be managed as root or whether sudo / become has been configured correctly.

Additional advice:

• Do not blame Ansible first. Validate SSH login and path write permissions with native commands before returning to the playbook.
• If systemd has rate-limited the service after repeated failures, check start request repeated too quickly and reset the failed state first.