Diviner Phacility User Docs Phacility Instance Limitations

Phacility Instance Limitations
Phacility User Documentation (Administrating Instances)

Describes features which are not supported in the Phacility cluster.

Overview

Although the Phacility cluster supports almost all Phabricator features, some features are not supported. This document describes things that won't work in the cluster.

Summary

These are the current limitations of Phacility instances:

LimitationNotes
No Custom DomainsInstances are mycompany.phacility.com.
No Prototype ApplicationsThese can not be enabled in the cluster.
No Custom Plugins/ExtensionsNo running custom code.
No Open RegistrationYou must explicitly invite members to your instance.
No LDAP or Custom AuthNo custom auth support.
No Version FreezesThe whole cluster stays near HEAD.
No Automated Data ExportComing soon, but not available yet.
No SSH Access to HostsNo shell access to the cluster.
No Third-Party IntegrationsJIRA and Asana integrations aren't supported.
No Log AccessWe don't currently give you access to logs.
Other Config LimitationsSome other configuration may not be adjustable.
Resource LimitsWe will enforce reasonable resource limits.
InactivityAfter prolonged inactivity, free instances will be suspended.

Features not listed here as subject to limitations are supported. The remainder of this document discusses these limitations in detail.

No Custom Domains

Your instance will run at instance.phacility.com, and can not be hosted on a custom domain like phabricator.mycompany.com.

This is primarily a technical limitation. We could eventually support this, if there is demand for it. If you're interested, let us know.

No Prototype Applications

We don't support prototype applications in the cluster.

These applications are in development and we aren't prepared to support them properly until they leave the prototype phase.

No Custom Plugins/Extensions

Instances are not completely sandboxed and share access to resources and services, so we can not run untrusted third-party code in the cluster.

This limitation is fundamental to the cluster architecture. We currently have no plans to support this. We recommend you consider self-hosting if you want to run custom code.

No Open Registration

We currently do not support open registration: an instance administrator must explicitly invite members to an instance using Invite Members on admin.phacility.com. We expect this is a good fit for most installs today.

For more information on managing instance members, see Managing Instances.

In particular, this means that policy.allow-public will make your instance publicly readable, but won't let public users register or sign in. Given our current pricing structure, we believe no installs will actually want to do this. If you do, let us know.

One exception to this is that if you'd like to automatically add anyone who verifies an @mycompany.com email address to an instance, we can set this up for you (just get in touch with support). You can't configure this yourself because we can't easily automatically verify you own a domain, and don't want someone to add @gmail.com by mistake.

No LDAP or Custom Auth

We use a centralized account system to make Phacility easier to use: instances do not have to configure authentication, and if a user mistakenly logs into phacility.com (instead of mycompany.phacility.com) we can direct them to the instance or instances they have accounts on.

We do not currently support custom authentication on instances. It is possible that we could support it in the future, but we are unsure how much interest there is. There are also technical, product, and support implications. If you're interested in this, let us know.

No Version Freezes

Because all instances run the same code, we can not freeze instances at a specific Phabricator version. All instances will be kept near HEAD, and run the most up-to-date Phabricator code.

You should expect that the product will change over time, and you may occasionally not like some of the changes. We're always open to feedback, but we can't freeze your instance at a specific version. If you need precise control over upgrades, we recommend self-hosting.

No Automated Data Export

We plan to support automatic data export before we leave Open Beta, but do not currently have an implementation we're satisfied with. This is blocked by both technical work and security concerns.

If you'd like to leave the service before we have an automated solution in place, let us know. We can coordinate with you to manually export your data.

No SSH Access to Hosts

Phacility does instancing just-in-time for each request, not by bringing up separate VMs for each instance, so instances do not have dedicated hosts and there is nothing we could safely give you SSH access to.

This limitation is fundamental to the cluster architecture. Beyond technical limitations, this has wide-reaching security and support implications. We intend to improve tooling and support to address problems without requiring SSH access.

If you have issues which could be solved by SSH access, let us know what they are. We'd prefer to provide more specialized tools to address problems.

No Log Access

There is currently no way to access instance logs, like access logs or SSH logs.

There are minor technical, security, and product limitations in providing this access. If you're interested, let us know.

No Third-Party Integrations

The JIRA and Asana integrations are not currently supported.

This is a technical and product limitation, arising from these integrations being auth-based and auth being centralized. We are generally unsure of how much demand there will be for these integrations on hosted instances. If you're interested, let us know.

Other Config Limitations

Phabricator configuration which is "locked" (often because it is unsafe to update from the web UI) can not be changed on instances. In most cases, there is only one reasonable value (the one that makes the feature work in the cluster) and we have automatically set it correctly.

In some other cases, like prototype applications, the lock is intentional: we don't want instances enabling prototype applications in the cluster.

However, there are some additional cases where we could reasonably let instances change configuration and just don't have tools for it. If you run into cases like this, let us know what you'd like to be able to change. We expect to build tooling into the instance administration console to handle many of these cases, we just aren't sure where demand is yet.

Some configuration which is not editable from the instance itself can be edited from the instance administration UI by selecting "Adjust Configuration".

Resource Limits

This service is intended for organizations using Phabricator in a large array of diverse roles, but not all use cases are a good fit for the service. If your use case is far outside the gamut of normal use, we recommend you self-host or find another provider.

In particular, instances with very high resource usage (or which are using resources in an unusual way which disrupts other instances) may be throttled or limited.

We expect this will only affect installs with bizarre, suspicious use cases which lie very far outside of normal use and likely violate our terms of service anyway, but include it here for completeness.

If you have an exceptionally large install (typically in the range of hundreds or thousands of active users) we may restrict it to a finite amount of dedicated hardware and work with you to find a suitable cluster configuration and pricing plan for your particular needs.

Inactivity

Free instances which are inactive for a prolonged period of time are subject to automatic suspension. Instances will receive a warning before this suspension occurs and may contact support to recover suspended instances for 90 days after suspension.

Defined
src/docs/user/limitations.diviner:1