Hi @lanhnguyen, and welcome to the Ansible forum!
Thanks for asking this question, because I’ve recently started to question how we’ve been arranging our projects for the last 7 years. It’s been working for us, but maybe that’s because we started with some fundamentally wrong assumptions. Anyway, ignoring what’s weird about our practices, here’s the “normal” part of how we’ve arranged our projects.
We’re responsible for about two dozen “service lines”, and for each of those we have one Ansible “project”. And by “project” I mean a git repo with a corresponding “SCM project” (that word is over-used!) in our own GitLab instance, as well as one (usually one, but sometimes more, and sometimes none) “AWX project(s)” (see?) in our AWX instance. These “service line projects” (git repositories) typically have a dozen or so Ansible playbooks at the top, as well as a “roles” directory that contains roles specific to that service line. We rarely have any task files, templates, plugins, etc. at the project level; such assets are almost always part of a role. Inside the “role” directory we also have one of the two “requirements.yml” files; the other one is in the top-level “collections” directory, which also contains “ansible_collections/mw/<local_collection_names>/”. The latter contains any local, project-specific collections; we’re unlikely to create any new local roles outside of these local collections.
Besides these “service line” projects, we also have developed a handful of what we call “mw_common_*” roles. These include roles to install/configure:
- locally-built packages,
- apache web servers to our group standards and expectations,
- tomcat / wildfly services
- log rotation
- monitoring
These are all listed as required in each service-line project’s “roles/requirements.yml” file. Similarly, collections that aren’t local to a service-line project are listed in the “collections/requirements.yml” file.
Production jobs for all this happen in our AWX instance. But development/testing work can happen either on our primary workstations or on our “bastion” hosts. Typically any of the projects we’re interested in are "git clone"d side-by-side in some work directory of our choosing. We have about 8 worker bees in our “Middleware” group (hence the “mw” popping up in our project names), so we have about 8 different editors in play. (Our “my editor is better than your editor” discussions are always fun!)
Besides these service-line projects and mw_common_* projects, we have a few more. One is a skeleton project that we use as a template for new projects. Another, “defaults,” contains our agreed-upon ansible-lint config, some “extremely global” variables that all projects incorporate, and our group-wide static inventory which works for us because we have almost all static hosts. Plus there are a few scripts for housekeeping duties like running ansible-galaxy commands when needed.
Finally, certain operations on our GitLab projects trigger Jenkins jobs via web hooks, like linting, and causing SCM updates in AWX when relevant branches are updated. And that’s about it.
Maybe something in here answers your question, or inspires more questions. I hope so.