Hi Ajit, > Now, my question is why shared devices is not protected from secondary > while is mounted on primary node? > if this is expected behavior that means sun cluster entirely relies on > application of behave well and if someone by mistake do a dd(1m) on > the device from the secondary then everything is gone for the good, is > that acceptable behavior?
If OHAC/Sun Cluster prevented access to shared storage from all but one node, it would not be possible to use cluster filesystems (such as QFS or VxFS CFS) or parallel databases like Oracle RAC. One could argue, though, that a feature to restrict access (in a configurable way) would prevent some administrator errors, but personally I would not value such an option much because it would introduce another source of error. I don't quite understand your argument that the protection of shared storage "entirely relie(d) on (the) application". I don't think that applications should be given permissions to access device nodes if a file system is used. As long as you use a fail system, the framework will ensure consistent access to it either through PxFS (global mount option) or by using "HA local" storage with the SUNW.HAStoragePlus resource type. If the application needs "raw" device access, then, yes, it should cooperate. If it doesn't or when in doubt, you can use the OHAC/Sun Cluster framework to guarantee that the application will only ever run on one node at a time (for instance using Failover_mode HARD as a last resort, see r_properties(5)). Nils