Managing InstancesPhacility User Documentation (Administrating Instances)
Guide to managing instances using the web tools.
You can manage Phabricator instances hosted by Phacility by using the web UI tools located at admin.phacility.com.
This document walks through these tools and their capabilities.
- Administrators have some special powers within an instance, like approving new users, but they can not manage the instance itself. If a user is only an administrator, they won't have access to most of the tools described on this page. See the section below on "Creating Instance Managers" for more details.
- Instance Managers have some special powers on admin.phacility.com, like creating support requests, disabling the instance, or changing certain configuration settings. Almost of the tools described on this page are only accessible to instance managers.
Accessing the Instance Management Page
The Instances application is a set of web UI tools for managing Phabricator instances in the Phacility cluster. In general, you'll access the main management screen for an instance by browsing to admin.phacility.com, then choosing the instance you want to manage:
- admin.phacility.com → Choose an Instance
Creating Instance Managers
To make a user an instance manager, an existing instance manager must add them to the billing account for the instance. All members of the billing account have all instance manager abilities.
You can edit members of the billing account for an instance by navigating to:
- Billing → Edit Account
Adding users here gives them total control over all instances attached to the billing account.
If your billing account is used to manage multiple instances, note that this will also give the new instance manager power over all of the instances associated with that billing account.
To request support for your instance, you must be an instance manager. This is because support issues can include arbitrary, highly dangerous requests, like modifying database or repository state, or permanently destroying an instance and all its backups.
Be aware that Phacility staff will honor all support requests from instance managers without any further validation.
To file support issues, access the "Support" application at admin.phacility.com/support.
If you pay us for hosting, you can also easily access Support from your instance details page on admin.phacility.com.
Managing Members and Invites
To invite new members, use Members. You can view current members and pending invites.
If you send an invite by mistake, you can cancel it from:
- Members → Choose a Member → Cancel Invitation
Disabling Users / Making Administrators
Disabling a user or making them an administrator does not require the use of the instance manager console, and should be done from within the instance itself. Note that you must be an administrator on the instance to perform these actions.
To quickly find a user's profile from the instance manager console, do this:
- Members → Choose a Member → View Profile
This will take you to their profile on the instance itself, and let you make changes to their instance account (provided your account has administration privileges on the instance).
Note that making a user an administrator on the instance does not make them an instance manager for the instance. See above for discussion.
Stripping Multi-Factor Auth
If a user loses their phone, you can strip multi-factor authentication from their instance account:
- Members → Choose a Member → Strip Multi-Factor Auth
This is equivalent to running bin/auth strip from the command line.
Before stripping multi-factor auth, you should be certain the user is who they claim to be, not an attacker claiming to be that user: it is easier to pretend you have lost your phone than it is to steal someone's phone. You can find more specific discussion of stripping MFA in the main Phabricator documentation: User Guide: Multi-Factor Authentication.
Note that a MFA on an instance account is not directly tied to MFA on a Phacility acccount. Stripping instance MFA won't strip Phacility MFA, and vice versa.
Most Phabricator configuration can be edited from the web UI on your instance, using the Config application.
Some Phabricator configuration is locked and can not be edited from within the instance. This configuration mostly breaks down into three categories:
- Options with major security or safety implications (editing them would let an attacker compromise an instance, or would break an instance).
- Options with only one reasonable value (these options have automatically been set to whatever value makes them work in the Phacility cluster, and they can not be edited).
- Options with minor security/safety implications.
Some of the options in group (3) can be edited from the instance console:
- Configuration → Choose an Option
If you can't edit an option that you'd like to be able to edit, let us know. We may be able to add it. See Phacility Support.
You can manually restart daemons from the instance console:
- Configuration → Restart Daemons
This is mostly useful to clear setup warnings after changing instance configuration. Daemons will be restarted periodically as part of normal cluster operations.
You can disable an instance at any time via the web UI. This will immediately terminate service for the instance, and access to all members.
- Billing → Disable Instance
For details on exactly what this does and more information on terminating service, see Terminating Service.