Password lookup called wrong, all generated passwords were 20 chars long, regardless of specification.

roles/blog/defaults/main.yml

@@ -5,14 +5,14 @@ secret: '{{ secret_root + "/" + secret_name }}'
 
 # must match values in roles/common
 db_admin_username: 'postgres'
-db_admin_password: "{{ lookup('password', secret + '/' + 'db_admin_password', length=32) }}"
+db_admin_password: "{{ lookup('password', secret + '/' + 'db_admin_password length=32') }}"
 
 fathom_db_username: 'fathom'
-fathom_db_password: "{{ lookup('password', secret + '/' + 'fathom_db_password', length=32) }}"
+fathom_db_password: "{{ lookup('password', secret + '/' + 'fathom_db_password length=32') }}"
 fathom_db_database: 'fathom'
 fathom_admin_username: "{{ admin_email }}"
-fathom_admin_password: "{{ lookup('password', secret + '/' + 'fathom_admin_password', length=32) }}"
+fathom_admin_password: "{{ lookup('password', secret + '/' + 'fathom_admin_password length=32') }}"
 fathom_internal_port: '9000'
-fathom_secret: "{{ lookup('password', secret + '/' + 'fathom_secret', length=32) }}"
+fathom_secret: "{{ lookup('password', secret + '/' + 'fathom_secret length=32') }}"
 fathom_version: '1.2.1'
 fathom_release: "https://github.com/usefathom/fathom/releases/download/v{{ fathom_version }}/fathom_{{ fathom_version }}_linux_amd64.tar.gz"

roles/common/defaults/main.yml

@@ -10,7 +10,7 @@ secret_name: 'secret'
 secret: '{{ secret_root + "/" + secret_name }}'
 
 db_admin_username: 'postgres'
-db_admin_password: "{{ lookup('password', secret + '/' + 'db_admin_password', length=32) }}"
+db_admin_password: "{{ lookup('password', secret + '/' + 'db_admin_password length=32') }}"
 
 # let's encrypt
 letsencrypt_server: "https://acme-v01.api.letsencrypt.org/directory"

roles/mailserver/defaults/main.yml

@@ -4,10 +4,10 @@ secret: '{{ secret_root + "/" + secret_name }}'
 
 # must match values in roles/common
 db_admin_username: 'postgres'
-db_admin_password: "{{ lookup('password', secret + '/' + 'db_admin_password', length=32) }}"
+db_admin_password: "{{ lookup('password', secret + '/' + 'db_admin_password length=32') }}"
 
 mail_db_username: 'mailuser'
-mail_db_password: "{{ lookup('password', secret + '/' + 'mail_db_password', length=32) }}"
+mail_db_password: "{{ lookup('password', secret + '/' + 'mail_db_password length=32') }}"
 mail_db_database: 'mailserver'
 
 mail_server_hostname: "mail.{{ domain }}"

roles/news/defaults/main.yml

@@ -4,7 +4,7 @@ secret: '{{ secret_root + "/" + secret_name }}'
 
 selfoss_domain: "news.{{ domain }}"
 selfoss_db_username: selfoss
-selfoss_db_password: "{{ lookup('password', secret + '/' + 'selfoss_db_password', length=32) }}"
+selfoss_db_password: "{{ lookup('password', secret + '/' + 'selfoss_db_password length=32') }}"
 selfoss_db_database: selfoss
 selfoss_version: 2.16
 
@@ -14,4 +14,4 @@ selfoss_password_hash: "{{ lookup('password', secret + '/' + 'selfoss_password_h
 
 # must match values in roles/common
 db_admin_username: 'postgres'
-db_admin_password: "{{ lookup('password', secret + '/' + 'db_admin_password', length=32) }}"
+db_admin_password: "{{ lookup('password', secret + '/' + 'db_admin_password length=32') }}"

roles/owncloud/defaults/main.yml

@@ -4,5 +4,5 @@ secret: '{{ secret_root + "/" + secret_name }}'
 
 owncloud_domain: "cloud.{{ domain }}"
 owncloud_db_username: owncloud
-owncloud_db_password: "{{ lookup('password', secret + '/' + 'owncloud_db_password', length=32) }}"
+owncloud_db_password: "{{ lookup('password', secret + '/' + 'owncloud_db_password length=32') }}"
 owncloud_db_database: owncloud

roles/webmail/templates/etc_roundcube_config.inc.j2

@@ -69,7 +69,7 @@ $config['product_name'] = '{{ domain }} Webmail';
 // in the session record (and the client cookie if remember password is enabled).
 // please provide a string of exactly 24 chars.
 // YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
-$config['des_key'] = '{{ lookup('password', secret + '/' + 'roundcube_des_key', length=24) }}';
+$config['des_key'] = '{{ lookup('password', secret + '/' + 'roundcube_des_key length=24') }}';
 
 // List of active plugins (in plugins/ directory)
 // Debian: install roundcube-plugins first to have any