Working with Volume Groups
The Oracle Cloud Infrastructure Block Volume service provides you with the capability to group together many volumes in a volume group. A volume group can include both types of volumes, boot volumes, which are the system disks for your compute instances, and block volumes for your data storage. You can use volume groups to create volume group backups and clones that are point-in-time and crash-consistent.
Tasks
This section includes the following tasks:
Required IAM Policy
To use Oracle Cloud Infrastructure, you must be granted security access in a policy by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don't have permission or are unauthorized, verify with your administrator what type of access you have and which compartment to work in.
For administrators: The policy in Let volume admins manage block volumes, backups, and volume groups lets the specified group do everything with block volumes, backups, and volume groups.
See the following policy examples for working with volume groups:
- Let users create a volume group lets the specified group create a volume group from a set of volumes.
- Let users clone a volume group lets the specified group clone a volume group from an existing volume group.
- Let users create a volume group backup lets the specified group create a volume group backup.
- Let users restore a volume group backup lets the specified group create a volume group by restoring a volume group backup.
When users create a backup from a volume or restore a volume from a backup, the volume and backup don't have to be in the same compartment . However, users must have access to both compartments.
About Volume Groups
Volume groups simplify the process to create time-consistent backups of running enterprise applications that span several storage volumes across several instances. You can then restore an entire group of volumes from a volume group backup.
Similarly, you can also clone an entire volume group in a time-consistent and crash-consistent manner. A deep disk-to-disk and fully isolated clone of a volume group, with all the volumes associated in it, becomes available for use within a matter of seconds. This speeds up the process of creating new environments for development, quality assurance, user acceptance testing, and troubleshooting.
For more information about Block Volume-backed system disks, see Boot Volumes. For more information about Block Volume backups see Overview of Block Volume Backups. See Cloning a Block Volume for more information about Block Volume clones.
This capability is available using the Console, CLI, SDKs, or REST APIs.
Volume groups and volume group backups are high-level constructs that allow you to group together several volumes. When working with volume groups and volume group backups, keep the following in mind:
-
You can only add a volume to a volume group when the volume status is available.
-
You can add up to 32 volumes in a volume group, up to a maximum size limit of 128 TB. For example, if you wanted to add 32 volumes of equal size to a volume group, the maximum size for each volume would be 4 TB. Or you could add volumes that vary in size, however the overall combined size of all the block and boot volumes in the volume group must be 128 TB or less. Ensure you account for the size of any boot volumes in your volume group when considering volume group size limits.
-
Each volume can only be in one volume group.
-
When you clone a volume group, a new group with new volumes is created. For example, if you clone a volume group containing three volumes, then at completion of the operation, you have two separate volume groups and six different volumes with nothing shared between the volume groups.
-
When you update a volume group using the CLI, SDKs, or REST APIs, you need to specify all the volumes to include in the volume group each time you use the update operation. If you don't include a volume ID in the update call, that volume is removed from the volume group.
-
When you delete a volume group, the individual volumes in the group aren't deleted, only the volume group is deleted.
-
When you delete a volume that's part of a volume group, you must first remove it from the volume group before you can delete it.
-
When you delete a volume group backup, all the volume backups in the volume group backup are deleted.
Volume Group Replication
The Block Volume service provides you with the capability to perform ongoing automatic asynchronous replication of volume groups to other regions. This feature supports the following scenarios without requiring volume group backups:
- Disaster recovery
- Migration
- Business expansion
For more information, see Replicating a Volume. For specific details about volume groups, including step-by-step procedures using the Console and CLI, see Volume Group Replication.
Volume Group Backups
A volume group backup provides coordinated point-in-time-consistent backups of all the volumes in a volume group automatically. You can perform most of the same backup operations and tasks with volume groups that you can perform with individual block volumes and boot volumes. You can restore a volume group backup to a volume group, or you can restore individual volumes in the volume group from volume backups. With volume group backups, you can manage the backup settings for several volumes in one place, consistently. This simplifies the process to create time-consistent backups of running enterprise applications that span multiple storage volumes across multiple instances.
For a general overview of the Block Volume's service backup functionality, see Overview of Block Volume Backups.
Source Region
Volume group backups include a Source Region field. This specifies the region for the volume group that the backup was created from. For volume group backups copied from another region, this field will show the region the volume group backup was copied from.
Manual Volume Group Backups
Manual backups are on-demand one-off backups that you can launch immediately for volume groups by following the steps outlined in the procedures in this section. For general information about the manual backups feature for the Block Volume service, see Manual Backups.
Using the Console
- Open the navigation menu and click Storage. Under Block Storage, click Volume Groups.
- In the Volume Groups list, click Create Volume Group Backup in the for the volume group you want to create a backup for.
- Open the navigation menu and click Storage. Under Block Storage, click Volume Group Backups.
- In the Volume Group Backups list, click the volume group backup you want to restore.
- Click Create Volume Group.
- Fill in the required volume information:
- Name: A user-friendly name or description. Avoid entering confidential information.
- Compartment: The compartment for the volume group.
- Availability Domain: The availability domain for the volume group.
- Cluster Placement Group: (Optional) Select the
cluster placement group in which to restore the volume group to. Note
The Cluster Placement Group control only appears in the Console if Cluster Placement Groups are enabled for the tenancy, and you've created and activated a cluster placement group with the capability added for volume resources, see Cluster Placement Groups for Block Volume.
- Click Create Volume Group.
For more information about copying volume backups and volume group backups to new regions, see Copying a Volume Backup Between Regions. Before you can copy a volume group backup to a new region, ensure that you have configured the requred permissions, see Required IAM Policy.
- Open the navigation menu and click Storage. Under Block Storage, click Volume Group Backups.
- In the Volume Group Backups list, click the volume group backup you want to copy to a new region.
- Click Copy to Another Region.
- Enter a name for the backup and choose the region to copy the backup to. Avoid entering confidential information.
- In the Encryption section select whether you want the volume group backup to use the Oracle-provided encryption key or your own Vault encryption key. If you select the option to use your own key, paste the OCID for encryption key from the destination region.
- Click Copy Block Volume Backup.
- Confirm that the source and destination region details are correct in the confirmation dialog and then click OK.
Using the CLI
For information about using the CLI, see Command Line Interface (CLI).
Open a command prompt and run:
oci bv volume-group-backup list --compartment-id <compartment_ID>
For example:
oci bv volume-group-backup list --compartment-id ocid1.compartment.oc1..<unique_ID>
Open a command prompt and run:
oci bv volume-group-backup create --volume-group-id <volume-group_ID>
For example:
oci bv volume-group-backup create --volume-group-id ocid1.volumegroup.oc1.phx.<unique_ID>
Open a command prompt and run:
oci bv volume-group-backup get --volume-group-backup-id <volume-group-backup_ID>
For example:
oci bv volume-group-backup get --volume-group-backup-id ocid1.volumegroupbackup.oc1.phx.<unique_ID>
Open a command prompt and run:
oci bv volume-group-backup update --volume-group-backup-id <volume-group-backup_ID> --display-name <new_display_name>
You can only update the display name for the volume group backup.
For example:
oci bv volume-group-backup update --volume-group-backup-id ocid1.volumegroupbackup.oc1.phx.<unique_ID> --display-name "new display name"
Open a command prompt and run:
oci bv volume-group create --compartment-id <compartment_ID> --availability-domain <external_AD> --source-details <Source_details_JSON>
For example:
oci bv volume-group create --compartment-id ocid1.compartment.oc1..<unique_ID> --availability-domain ABbv:PHX-AD-1 --source-details '{"type": "volumeGroupBackupId", "volumeGroupBackupId": "ocid1.volumegroup.oc1.sea.<unique_ID>"}'
Open a command prompt and run:
oci bv volume-group-backup delete --volume-group-backup-id <volume-group-backup_ID>
When you delete a volume group backup, all volume backups in the group are deleted.
For example:
oci bv volume-group-backup delete --volume-group-backup-id ocid1.volumegroupbackup.oc1.phx.<unique_ID>
Using the API
For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.
Use the following operations for working with volume group backups:
Policy-Based Volume Group Backups
These are automated scheduled backups as defined by the backup policy assigned to the volume group. Policy-based backups for volume groups are the same as policy-based backups for block volumes, the main difference is that the backup policy is applied to all the volumes in the volume group instead of a single volume. For general information about policy-based backups, see Policy-Based Backups. The process to create and configure user defined backup policies are the same for volume groups as they're for volumes, see Creating and Configuring User Defined Backup Policies for these procedures.
Vault encryption keys for volumes aren't copied to the destination region for scheduled volume and volume group backups enabled for cross region copy. Instead, you can specify a Vault encryption key for the backup copied to the destination region when you assign the backup policy. When you assign the backup policy, if it's enabled for cross region backup copies, select Encrypt using customer-managed keys for Cross region backup copy encryption to encrypt the volume or volume group backup in the destination region. If you select this option, you must specify the OCID for a valid encryption key in the destination region, see Requirements for Customer-Managed Encryption Keys for Cross-Region Operations for more information.
Oracle defined backup policies aren't supported for scheduled volume group backups.
Managing Backup Policy Assignments to Volume Groups
The backup policy assigned to a volume group defines the frequency and schedule for volume group backups. This section covers how to perform tasks related to managing the backup policy assignments for your volume groups using the Console, command line interface (CLI), and REST APIs.
If a volume group has an assigned backup policy, you must remove any backup policy assignments from volumes before you can add them to the volume group.
Before you can assign a backup policy to an existing volume group containing one or more volumes with assigned backup policies, you must remove those policy assignments from the invidual volumes before you can assign the policy to the volume group.
Using the Console
- Open the navigation menu and click Storage. Under Block Storage, click Volume Groups.
- Click the volume group for which you want to assign a backup policy to.
- On the Volume Group Details page click Edit .
-
In the BACKUP POLICIES section, select the compartment containing the backup policies.
-
Select the appropriate backup policy for your requirements.
- Optionally, if you select a backup policy enabled for cross region backup copies you can encrypt the backup copy in the destination region with your own Vault encryption key by selecting Encrypt using customer-managed keys for Cross region backup copy encryption. If you select this option, you must specify the OCID for a valid encryption key in the destination region, see Requirements for Customer-Managed Encryption Keys for Cross-Region Operations.
-
Click Save Changes.
- Open the navigation menu and click Storage. Under Block Storage, click Volume Groups.
- Click the volume group for which you want to change the backup policy for.
- On the Volume Group Details page click Edit.
-
In the BACKUP POLICIES section, select the compartment containing the backup policy.
-
Select the backup policy you want to switch to.
- Optionally, if you select a backup policy enabled for cross region backup copies you can encrypt the backup copy in the destination region with your own Vault encryption key by selecting Encrypt using customer-managed keys for Cross region backup copy encryption. If you select this option, you must specify the OCID for a valid encryption key in the destination region, for more information, see Requirements for Customer-Managed Encryption Keys for Cross-Region Operations.
-
Click Save Changes.
- Open the navigation menu and click Storage. Under Block Storage, click Volume Groups.
- Click the volume group for which you want to remove the backup policy for.
- On the Volume Group Details page click Edit .
-
In the BACKUP POLICIES section, select None from the list, and then click Save Changes.
Using the CLI
For information about using the CLI, see Command Line Interface (CLI).
Open a command prompt and run:
oci bv volume-backup-policy-assignment create --asset-id <volume_group_ID> --policy-id <policy_ID> --xrc-kms-key-id <kms_key_ID>
For example:
oci bv volume-backup-policy-assignment create --asset-id ocid1.volumegroup.oc1..<unique_ID> --policy-id ocid1.volumebackuppolicy.oc1..<unique_ID> --xrc-kms-key-id ocid1.key.oc1.iad-ad-1.<unique_ID>
Open a command prompt and run:
oci bv volume-backup-policy-assignment get-volume-backup-policy-asset-assignment --asset-id <volume_group_ID>
For example:
oci bv volume-backup-policy-assignment get-volume-backup-policy-asset-assignment --asset-id ocid1.volumegroup.oc1..<unique_ID>
Open a command prompt and run:
oci bv volume-backup-policy-assignment create --asset-id <volume_group_ID> --policy-id <policy_ID> --xrc-kms-key-id <kms_key_ID>
For example:
oci bv volume-backup-policy-assignment create --asset-id ocid1.volumegroup.oc1..<unique_ID> --policy-id ocid1.volumebackuppolicy.oc1..<unique_ID> --xrc-kms-key-id ocid1.key.oc1.iad-ad-1.<unique_ID>
Open a command prompt and run:
oci bv volume-backup-policy-assignment get --policy-assignment-id <backup-policy-ID>
For example:
oci bv volume-backup-policy-assignment get --policy-assignment-id ocid1.volumebackuppolicyassignment.oc1.phx.<unique_ID>
Using the API
Use the following operations to manage backup policy assignments to volume groups:
- CreateVolumeBackupPolicyAssignment
- DeleteVolumeBackupPolicyAssignment
- GetVolumeBackupPolicyAssetAssignment
- GetVolumeBackupPolicyAssignment
For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.