Page MenuHomePhacility

Managing Instances
Phacility User Documentation (Administrating Instances)

Guide to managing instances using the web tools.


You can manage Phabricator instances hosted by Phacility by using the web UI tools located at

This document walks through these tools and their capabilities.

NOTE: Instance Managers and Administrators are different roles with different capabilities. Administrators are much less powerful than Instance Managers.

Administrators have some special powers on the instance itself, but they can not perform instance management actions like editing billing, accessing support, or disabling the instance.

Accessing the Instance Management Page

The Instances application is a set of web UI tools for managing Phabricator instances in the Phacility cluster. In general, you'll access the main management screen for an instance by browsing to, then choosing the instance you want to manage:

  • admin.phacility.comChoose an Instance

Allowing Other Users to Make Changes

To edit an instance or perform other administrative actions, a user must be a member of the billing account associated with the instance. In particular, being an administrator on the instance does not give users the power to manage the instance itself, only administrative powers within the context of the instance.

To let other users make changes to an instance, you must explicitly grant users these permission by adding them to the billing account for the instance.

You can edit members of the billing account by navigating to:

  • BillingEdit Account

Adding users here gives them total control over all instances attached to the billing account: for example, they can invite users or disable the instance.

If you manage multiple instances, note that this will also give them power over all of the instances associated with that billing account.

Configuring Multi-Factor Auth

You can improve the security of your instance by configuring multi-factor auth for your account (and having any other administrators configure it for themselves). You can do this in:

  • SettingsMulti-Factor Auth

Once multi-factor auth is configured, you'll be prompted to enter a secondary authentication factor (normally, a code displayed on your phone) when logging in or taking sensitive actions (like adding members or disabling an instance).

This helps protect against your instance against account compromise by limiting what an attacker who compromises a session (for example, by stealing a laptop) can actually do with it.

Managing Members and Invites

To invite new members, use Members. You can view current members and pending invites.

If you send an invite by mistake, you can cancel it from:

  • MembersChoose a MemberCancel Invitation

Disabling Users / Making Administrators

You can disable a user or make them an administrator from the instance itself. The user's state will automatically synchronize back to the administrative console.

To quickly find a user's profile from the administrative console, do this:

  • MembersChoose a MemberView Profile

This will take you to their profile on the instance itself, and let you make changes to their instance account (provided your account has administration privileges on the instance).

Note that making a user an administrator on the instance does not let them manage the instance in the instance console, see above for discussion.

Stripping Multi-Factor Auth

If a user loses their phone, you can strip multi-factor authentication from their instance account:

  • MembersChoose a MemberStrip Multi-Factor Auth

This is equivalent to running bin/auth strip from the command line.

Before stripping multi-factor auth, you should be certain the user is who they claim to be, not an attacker claiming to be that user: it is easier to pretend you have lost your phone than it is to steal someone's phone. You can find more specific discussion of stripping MFA in the main Phabricator documentation: User Guide: Multi-Factor Authentication.

Note that a MFA on an instance account is not directly tied to MFA on a Phacility acccount. Stripping instance MFA won't strip Phacility MFA, and vice versa.

Adjusting Configuration

Most Phabricator configuration can be edited from the web UI on your instance, using the Config application.

Some Phabricator configuration is locked and can not be edited from the web UI. This configuration mostly breaks down into three categories:

  1. Options with major security or safety implications (editing them would let an attacker compromise an instance, or would break an instance).
  2. Options with only one reasonable value (these options have automatically been set to whatever value makes them work in the Phacility cluster, and they can not be edited).
  3. Options with minor security/safety implications.

Some of the options in group (3) can be edited from the administrative console:

  • ConfigurationChoose an Option

If you can't edit an option that you'd like to be able to edit, let us know. We may be able to add it. See Phacility Support.

Restarting Daemons

You can manually restart daemons from the instance console:

  • ConfigurationRestart Daemons

This is mostly useful to clear setup warnings after changing instance configuration. Daemons will be restarted periodically as part of normal cluster operations.

Terminating Instances

You can disable an instance at any time via the web UI. This will immediately terminate service for the instance, and access to all members.

  • BillingDisable Instance

For details on exactly what this does and more information on terminating service, see Terminating Service.