Creating a persistent disk from a data source

You can use a persistent disk as a boot disk for a virtual machine (VM) instance, or as a data disk that you attach to a VM. When creating a persistent disk, you can either create a blank persistent disk, or create a disk from a source so that the new disk contains data from that source.

Data sources

You can create persistent disks from the following data sources:

Before you begin

Creating a disk clone from an existing disk

You can create a new persistent disk clone from an existing persistent disk, even if the existing disk is attached to a VM instance. When you clone a disk, you create a new disk that contains all the data on the source disk. You can modify properties on that clone, such as the size. You can also delete the source disk without any risk of deleting the clone.

The ability to clone disks is useful for duplicating production data to debug without disturbing production, duplicating disks while scaling out your VMs, and creating replicas for database backup verification. You can also clone disks to move non-boot disk data to a new project. For scenarios where data protection is required for additional resilience, such as backup and disaster recovery, we recommend using snapshots instead of disk clones.

Restrictions

  • The disk type of the clone must be the same as that of the source disk.
  • You cannot create a zonal disk clone from a regional disk.
  • You cannot create a zonal disk clone of an existing zonal disk in a different zone.
  • The size of the clone must be at least the size of the source disk. If you create a clone using the Google Cloud Console, you cannot specify a disk size and the clone is the same size as the source disk.
  • If you use a customer-supplied encryption key or a customer-managed encryption key to encrypt the source disk, you must use the same key to encrypt the clone. For more information, see Creating a clone of an encrypted source disk.
  • You can create at most one clone of a given source disk every 30 seconds.
  • You can create at most 1000 total disk clones of a given source disk. Exceeding this limit returns an internalError.
  • The rate at which you can clone disk space is limited. You can create at most 1 TB of cloned disk every 15 minutes, with a burst request limit of 257 TB.

Error messages

If you exceed the cloning frequency limits, the request fails with the following error:

RATE LIMIT: ERROR: (gcloud.compute.disks.create) Could not fetch resource:
 - Operation rate exceeded for resource RESOURCE. Too frequent operations from the source resource.

Creating a disk clone

You can clone an existing disk into a new disk using either the Google Cloud Console, the gcloud command-line tool, or the Compute Engine API.

Console

  1. In the Google Cloud Console, go to the Disks page.

    Go to Disks

  2. In the list of zonal persistent disks, find the disk that you want to clone.

  3. Click the menu button under Actions and select Clone disk.

    Create clone.

  4. In the Clone disk panel, specify a name for the new disk.

  5. Under Properties, review other details for the new disk.

  6. Click Save.

gcloud

In the gcloud tool, use the disks create command command and specify the --source-disk. The following example clones the source disk to a new disk in a different project:

gcloud compute disks create projects/TARGET_PROJECT_ID/zones/ZONE/disks/TARGET_DISK_NAME \
    --description="cloned disk" \
    --source-disk=projects/SOURCE_PROJECT_ID/zones/ZONE/disks/SOURCE_DISK_NAME

Replace the following:

  • TARGET_PROJECT_ID: the project ID for the new disk
  • ZONE: the zone of the source and new disk
  • TARGET_DISK_NAME: the name for the new disk
  • SOURCE_PROJECT_ID: the project ID of the source disk
  • SOURCE_DISK_NAME: the name of the source disk

API

In the API, construct a POST request to the compute.disks.insert method. In the request body, specify the name and sourceDisk parameters. The clone inherits all omitted properties from the source disk. The following example clones the source disk to a new disk in a different project:

POST https://compute.googleapis.com/compute/v1/projects/TARGET_PROJECT_ID/zones/ZONE/disks

{
  "name": "TARGET_DISK_NAME"
  "sourceDisk": "projects/SOURCE_PROJECT_ID/zones/ZONE/disks/SOURCE_DISK_NAME"
}

Replace the following:

  • TARGET_PROJECT_ID: the project ID for the new disk
  • ZONE: the zone of the source and new disk
  • TARGET_DISK_NAME: the name for the new disk
  • SOURCE_PROJECT_ID: the project ID of the source disk
  • SOURCE_DISK_NAME: the name of the source disk

Creating a regional disk clone from a zonal disk

You can create a new regional disk by cloning an existing zonal disk. To migrate a zonal disk to a regional disk, Google recommends this option instead of creating a snapshot of the zonal disk and restoring the snapshot to a new regional disk.

Restrictions

  • To create a regional disk clone from a source zonal disk, one of the replica zones of the clone must match the zone of the source disk.

  • After creation, the regional disk clone is usable within 3 minutes, on average. However, the disk might take tens of minutes to become fully replicated and reach a state where the recovery point objective (RPO) is near zero.

Console

  1. In the Google Cloud Console, go to the Disks page.

    Go to Disks

  2. In the list of zonal persistent disks, find the disk that you want to clone.

  3. Click the menu button under Actions and select Clone disk.

    Create clone.

  4. In the Clone disk panel, specify a name for the new disk.

  5. For the Location, select Regional and select two replica zones for the new regional disk.

  6. Under Properties, review other details for the new disk.

  7. Click Save.

gcloud

Create a regional disk clone from a zonal disk and provide the source disk and two replica zones for the new regional disk by using the following gcloud compute disks create command. The following example assumes the source and target disks are in the same project.

gcloud compute disks create TARGET_DISK_NAME \
  --description="zonal to regional cloned disk" \
  --region=REGION_1 \
  --source-disk=SOURCE_DISK_NAME \
  --source-disk-zone=REGION_1_ZONE_1 \
  --replica-zones=REGION_1_ZONE_1,REGION_1_ZONE_2 \
  --project=PROJECT_ID

Replace the following:

  • TARGET_DISK_NAME: the name for the new regional disk
  • REGION_1: the region for the new regional disk
  • SOURCE_DISK_NAME: the name of the zonal disk to clone
  • REGION_1_ZONE_1: one of two replica zones for the new regional disk
  • REGION_1_ZONE_2: the other replica zone for the new regional disk
  • PROJECT_ID: the project ID

API

Provide the source disk and two replica zones for the new regional disk. The following example assumes the source and target disks are in the same project.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION_1/disks

{
  "name": "TARGET_DISK_NAME"
  "sourceDisk": "projects/PROJECT_ID/zones/REGION_1_ZONE_1/disks/SOURCE_DISK_NAME"
  "replicaZone": "REGION_1_ZONE_1,REGION_1_ZONE_2"
}

Replace the following:

  • PROJECT_ID: the project ID
  • REGION_1: the region for the new regional disk
  • TARGET_DISK_NAME: the name for the new regional disk
  • REGION_1_ZONE_1: one of two replica zones for the new regional disk
  • SOURCE_DISK_NAME: the name of the zonal disk to clone
  • REGION_1_ZONE_2: the other replica zone for the new regional disk

Creating a clone of an encrypted source disk

If you use a customer-supplied encryption key to encrypt your source disk, you must also use the same key to encrypt the clone.

Console

  1. In the Google Cloud Console, go to the Disks page.

    Go to Disks

  2. In the list of zonal persistent disks, find the disk that you want to clone.

  3. Click the menu button under Actions and select Clone disk.

    Create clone.

  4. In the Clone disk panel, specify a name for the new disk.

  5. Provide the source disk encryption key under Decryption and encryption.

  6. Under Properties, review other details for the new disk.

  7. Click Save.

gcloud

Provide the source disk encryption key using the --csek-key-file flag when you create the disk clone. If you are using an RSA-wrapped key, use the gcloud beta component:

gcloud beta compute disks create projects/TARGET_PROJECT_ID/zones/ZONE/disks/TARGET_DISK_NAME \
  --description="cloned disk" \
  --source-disk=projects/SOURCE_PROJECT_ID/zones/ZONE/disks/SOURCE_DISK_NAME \
  --csek-key-file example-key-file.json

Replace the following:

  • TARGET_PROJECT_ID: the project ID for the new disk
  • ZONE: zone of the source and new disk
  • TARGET_DISK_NAME: name for the new disk
  • SOURCE_PROJECT_ID: the project ID of the source disk
  • SOURCE_DISK_NAME: name of the source disk

API

Provide the source disk encryption key using the diskEncryptionKey property.

POST https://compute.googleapis.com/compute/beta/projects/TARGET_PROJECT_ID/zones/ZONE/disks

{
  "name": "TARGET_DISK_NAME"
  "sourceDisk": "projects/SOURCE_PROJECT_ID/zones/ZONE/disks/SOURCE_DISK_NAME"
  "diskEncryptionKey": {
    "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFHz0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoDD6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oeQ5lAbtt7bYAAHf5l+gJWw3sUfs0/Glw5fpdjT8Uggrr+RMZezGrltJEF293rvTIjWOEB3z5OHyHwQkvdrPDFcTqsLfh+8Hr8g+mf+7zVPEC8nEbqpdl3GPv3A7AwpFp7MA=="
  },
}

Replace the following:

  • TARGET_PROJECT_ID: the project ID for the new disk
  • ZONE: the zone of the source and new disk
  • TARGET_DISK_NAME: the name for the new disk
  • SOURCE_PROJECT_ID: the project ID of the source disk
  • SOURCE_DISK_NAME: the name of the source disk

If you use a customer-managed encryption key to encrypt your source disk, you must also use the same key to encrypt the clone.

Console

Compute Engine automatically encrypts the clone using the source disk encryption key.

gcloud

Provide the key for the source disk using the --kms-key flag when you create the disk clone. If you are using an RSA-wrapped key, use the gcloud beta component:

gcloud beta compute disks create projects/TARGET_PROJECT_ID/zones/ZONE/disks/TARGET_DISK_NAME \
  --description="cloned disk" \
  --source-disk=projects/SOURCE_PROJECT_ID/zones/ZONE/disks/SOURCE_DISK_NAME \
  --kms-key projects/KMS_PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY

Replace the following:

  • TARGET_PROJECT_ID: the project ID for the new disk
  • ZONE: the zone of the source and new disk
  • TARGET_DISK_NAME: the name for the new disk
  • SOURCE_PROJECT_ID: the project ID of the source disk
  • SOURCE_DISK_NAME: the name of the source disk
  • KMS_PROJECT_ID: the project ID for the encryption key
  • REGION: the region of the encryption key
  • KEY_RING: key ring of the encryption key
  • KEY: the name of the encryption key

API

Provide the key for the source disk using the kmsKeyName property when you create the disk clone.

POST https://compute.googleapis.com/compute/beta/projects/TARGET_PROJECT_ID/zones/ZONE/disks

{
  "name": "TARGET_DISK_NAME"
  "sourceDisk": "projects/SOURCE_PROJECT_ID/zones/ZONE/disks/SOURCE_DISK_NAME"
  "diskEncryptionKey": {
    "kmsKeyName": "projects/KMS_PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY"
  },
}

Replace the following:

  • TARGET_DISK_NAME: the name for the new disk
  • SOURCE_PROJECT_ID: the project ID of the source disk
  • ZONE: the zone of the source and new disk
  • SOURCE_DISK_NAME: the name of the source disk
  • KMS_PROJECT_ID: the project ID for the encryption key
  • REGION: the region of the encryption key
  • KEY_RING: the key ring of the encryption key
  • KEY: the name of the encryption key

What's next