Volume Snapshots and Backups

Overview

Volume Snapshots and Backups protect the data on your block storage volumes with two complementary primitives:

Snapshots - Instant point-in-time rollback marks created on the volume's own storage backend. Fast, cheap, and ideal as a safety net before risky operations.
Backups - Full exports of a volume to a remote backup destination (S3-compatible, NFS, or local). Disaster-recovery grade - a backup survives complete loss of the source storage.

Both are managed from a unified Snapshots & Backups tab on every volume's detail page, in both the admin and user panels.

	Snapshot	Backup
Lives on	Same storage as the source volume	Separate `BackupStorage` (S3 / NFS / local)
Speed to create	Near-instant	Time scales with volume size + network
Cost	Only diverged blocks	Full volume size, every backup
Survives storage loss?	No	Yes
Restore in-place	Yes	Yes
Restore to new volume	Yes	Yes
Use case	Pre-change rollback insurance	Long-term retention, disaster recovery

Volume snapshots and backups are full-only - there are no incremental chains. Each item stands on its own.

Operations

Take a Snapshot

Navigate to the volume's detail page
Open the Snapshots & Backups tab
Click Take Snapshot
(Optional) Provide a name. If left blank a timestamped name is generated.
Confirm. The snapshot enters pending, then transitions to creating, then available.

The volume becomes briefly busy while the snapshot is being created. The active-operation banner at the top of the tab streams progress in real time.

Create a Backup

Open the Snapshots & Backups tab
Click the Backups sub-tab
Click Create Backup
(Optional) Provide a name
Confirm. The backup enters pending, then available once the export completes.

The export streams from the volume's storage backend to the destination configured for the volume's hypervisor (each hypervisor has a BackupStorage setting that already powers instance backups - volume backups reuse the same destination, written under the path prefix volumes/{volume_id}/).

Restore - Roll Back This Volume (in-place)

On the Snapshots or Backups sub-tab, click Restore next to the row you want to restore from
Choose Roll back this volume
Type the volume's name to confirm
The volume is overwritten with the snapshot or backup contents

In-place restore is blocked when the volume is attached to a running instance. Stop the instance first, or detach the volume.

Restore to a New Volume

Click Restore
Choose Restore to new volume
The dialog inherits the source volume's plan and hypervisor group by default; both can be changed
(Optional) Name the new volume
Confirm. A fresh volume is created from the snapshot or backup. The source is untouched.

This is the safest option when you want to inspect old data without disturbing the live volume.

Delete a Snapshot or Backup

Click the trash icon next to the row
Type the snapshot or backup name to confirm
The item is removed (from storage for snapshots, from backup storage for backups)

Safety Controls

The platform enforces several guard rails to prevent corruption and runaway usage:

Per-volume serialization

Only one operation - snapshot, backup, or restore - can run on a given volume at a time. While an operation is in flight, the volume's active_operation field is set and any second request is rejected with a clear error message ("Volume is busy with operation: snapshot"). Once the operation completes, the field clears automatically.

Cooldown

After an operation completes, a 5-minute cooldown applies before the next operation on the same volume. The UI shows a countdown so you know exactly when you can act again. This prevents accidental double-clicks and rate-limits API abuse.

Plan-level caps

Volume plans define hard caps on retained items:

Max Snapshots - default 5
Max Backups - default 10

When the cap is reached, attempts to create a new snapshot or backup are rejected with "Snapshot limit reached. Delete an existing snapshot first." Delete an item to free capacity.

Per-user inflight limit

A single user (or account) may have at most three volume operations in flight at once across all their volumes. This prevents one busy customer from saturating the queue.

Live-volume protection

In-place restore is blocked when the volume is attached to a running instance. The UI shows a clear error and points you at the resolution: stop the instance or detach the volume first. The restore-to-new-volume mode has no such restriction.

Billing

Volume plans expose two new credit fields:

Field	Meaning
Snapshot Credit Value	Credits charged per GB of retained snapshots, per month
Backup Credit Value	Credits charged per GB of retained backups, per month

Both default to zero, meaning customers can take snapshots and backups within their plan's caps without being billed for retention. To meter usage, set non-zero values. Billing runs hourly inside the existing Cloud Service billing tick. Snapshot and backup line items appear alongside compute charges in customer usage reports.

Only items in the available status are billed. Items in pending, creating, restoring, or failed status are not charged.

Admin Setup

To enable volume snapshots and backups for customers:

Confirm backup storage is configured. Each hypervisor that hosts volume storage must have a BackupStorage set on its hypervisor group (the same one used for instance backups). If a hypervisor has no backup storage, volume backups for volumes on that hypervisor will fail with "Hypervisor has no backup storage configured." Snapshots do not require backup storage - they live on the source storage.
Configure volume plans. Open Block Storage > Plans in the admin panel. For each plan, set:
- Max Snapshots - the cap on simultaneous retained snapshots (default 5)
- Max Backups - the cap on simultaneous retained backups (default 10)
- Snapshot Credit Value - credits per GB / month for retained snapshots (default 0 = free within cap)
- Backup Credit Value - credits per GB / month for retained backups (default 0 = free within cap)
Roll out slave updates. Each hypervisor needs the matching slave update to handle volume snapshot and backup commands. Trigger an update from each hypervisor's manage page in the admin panel; the new asynchronous update flow makes this safe to do live.
Test on a sample volume. Take a snapshot on a non-production volume, then a backup, then a restore-to-new-volume. Confirm the volumes/{volume_id}/ prefix appears in your backup destination and that the new volume comes up healthy.

What's Not Yet Supported

This is the v1 release. The following are intentionally out of scope and will be considered in future releases:

Scheduled snapshots and backups. All operations are manual today. Scheduling will be added once usage patterns are clearer.
Live consistent snapshots via guest fsfreeze. Snapshots taken while a volume is attached to a running instance are crash-consistent (the volume's data is whatever was on the disk at the snapshot moment), not application-consistent. To get application-consistent snapshots today, stop the instance or detach the volume first.
Cross-storage-type restore. Backups created from a Ceph volume can only be restored onto Ceph-backed targets, and qcow2-file backups onto qcow2-file targets. The restore dialog will surface a clear error if you select an incompatible target plan.

Troubleshooting

Snapshot or backup stuck in `pending` or `started`

A snapshot or backup that has not completed within 2 hours is automatically marked failed by the queue cleanup cron, and the volume's lock is released. Check the queue logs for the reason. Common causes: hypervisor offline, backup storage unreachable, source volume metadata corrupted.

"Volume is busy with operation: ..." error

Another operation is currently running on the volume. Wait for it to complete (watch the active-operation banner at the top of the Snapshots & Backups tab). If a job appears truly stuck, the cleanup cron will release the lock within 2 hours, or an admin can manually mark the queue row failed in the database.

"Volume is in cooldown. Try again in N seconds." error

The 5-minute cooldown is active. Wait for the countdown shown in the UI and try again.

"Backup limit reached" / "Snapshot limit reached"

The volume has hit its plan's max_backups or max_snapshots cap. Delete an existing item to free capacity, or upgrade the volume's plan to one with a higher cap.

"Cannot restore in-place while attached to a running instance"

The volume's instance is currently running. Stop the instance, or detach the volume from the instance, then retry. Alternatively, use Restore to new volume which has no such restriction.

Backup created on Ceph cannot restore onto an NFS-backed plan

Cross-storage-type restore is not supported in v1. Choose a target plan whose storage type matches the source volume's storage type.

Overview​

Operations​

Take a Snapshot​

Create a Backup​

Restore - Roll Back This Volume (in-place)​

Restore to a New Volume​

Delete a Snapshot or Backup​

Safety Controls​

Per-volume serialization​

Cooldown​

Plan-level caps​

Per-user inflight limit​

Live-volume protection​

Billing​

Admin Setup​

What's Not Yet Supported​

Troubleshooting​

Snapshot or backup stuck in pending or started​

"Volume is busy with operation: ..." error​

"Volume is in cooldown. Try again in N seconds." error​

"Backup limit reached" / "Snapshot limit reached"​

"Cannot restore in-place while attached to a running instance"​

Backup created on Ceph cannot restore onto an NFS-backed plan​