Endorsement Policy Failure while committing chaincode #fabric-kubernetes #hyperledger-fabric #chaincode


Arsh
 

I'm very much new to blockchain and hyperledger. I'm trying to setup my first network with 8 orgs containing 3 peers each and 7 orderers. Everything is working fine using docker-compose. I'm trying to replicate the same on kubernetes following this tutorial https://github.com/hyfen-nl/PIVT. All the stages of chaincode right from packaging till checking for commit readiness are giving a positive and desired response. However, committing the chaincode fails with 


2022-06-20 12:35:38.641 UTC [chaincodeCmd] ClientWait -> INFO 0a0 txid [619d23f6fac89442c9f858749e6c2c809a7a1833373a634cd4cb56a2660bb84e] committed with status (ENDORSEMENT_POLICY_FAILURE) at peer0.ni.example.org:7051
2022-06-20 12:35:38.641 UTC [chaincodeCmd] ClientWait -> INFO 0a1 txid [619d23f6fac89442c9f858749e6c2c809a7a1833373a634cd4cb56a2660bb84e] committed with status (ENDORSEMENT_POLICY_FAILURE) at peer0.es.example.org:7051
2022-06-20 12:35:38.644 UTC [chaincodeCmd] ClientWait -> INFO 0a2 txid [619d23f6fac89442c9f858749e6c2c809a7a1833373a634cd4cb56a2660bb84e] committed with status (ENDORSEMENT_POLICY_FAILURE) at peer0.highereducation.example.org:7051
2022-06-20 12:35:38.644 UTC [chaincodeCmd] ClientWait -> INFO 0a3 txid [619d23f6fac89442c9f858749e6c2c809a7a1833373a634cd4cb56a2660bb84e] committed with status (ENDORSEMENT_POLICY_FAILURE) at peer0.schooleducation.example.org:7051
Error: transaction invalidated with status (ENDORSEMENT_POLICY_FAILURE) 


The following is a part of configtx.yaml which I'm using and is the same file used while setting up using docker-compose except for minor changes like using different port numbers.
 
 
        # Policies defines the set of policies at this level of the config tree
        # For organization policies, their canonical path is usually
        #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('OrdererMSP.admin')"
    - &Ni
        Name: NiMSP
        ID: NiMSP
        MSPDir: crypto-config/peerOrganizations/ni.example.org/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('NiMSP.admin', 'NiMSP.peer', 'NiMSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('NiMSP.admin', 'NiMSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('NiMSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('NiMSP.peer')"
        AnchorPeers:
            - Host: peer0.ni.example.org
              Port: 7051
 
    - &Schooleducation
        Name: SchooleducationMSP
        ID: SchooleducationMSP
        MSPDir: crypto-config/peerOrganizations/schooleducation.example.org/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('SchooleducationMSP.admin', 'SchooleducationMSP.peer', 'SchooleducationMSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('SchooleducationMSP.admin', 'SchooleducationMSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('SchooleducationMSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('SchooleducationMSP.peer')"
        AnchorPeers:
            - Host: peer0.schooleducation.example.org
              Port: 7051
 
    - &Highereducation
        Name: HighereducationMSP
        ID: HighereducationMSP
        MSPDir: crypto-config/peerOrganizations/highereducation.example.org/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('HighereducationMSP.admin', 'HighereducationMSP.peer', 'HighereducationMSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('HighereducationMSP.admin', 'HighereducationMSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('HighereducationMSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('HighereducationMSP.peer')"
        AnchorPeers:
            - Host: peer0.highereducation.example.org
              Port: 7051
 
    - &Es
        Name: EsMSP
        ID: EsMSP
        MSPDir: crypto-config/peerOrganizations/esevai.example.org/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('EsMSP.admin', 'EsMSP.peer', 'EsMSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('EsMSP.admin', 'EsMSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('EsMSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('EsMSP.peer')"
        AnchorPeers:
            - Host: peer0.es.example.org
              Port: 7051
 
    - &Igr
        Name: IgrMSP
        ID: IgrMSP
        MSPDir: crypto-config/peerOrganizations/igr.example.org/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('IgrMSP.admin', 'IgrMSP.peer', 'IgrMSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('IgrMSP.admin', 'IgrMSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('IgrMSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('IgrMSP.peer')"
        AnchorPeers:
            - Host: peer0.igr.example.org
              Port: 7051
 
    - &Forest
        Name: ForestMSP
        ID: ForestMSP
        MSPDir: crypto-config/peerOrganizations/forest.example.org/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('ForestMSP.admin', 'ForestMSP.peer', 'ForestMSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('ForestMSP.admin', 'ForestMSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('ForestMSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('ForestMSP.peer')"
        AnchorPeers:
            - Host: peer0.forest.example.org
              Port: 7051
 
    - &Handicrafts
        Name: HandicraftsMSP
        ID: HandicraftsMSP
        MSPDir: crypto-config/peerOrganizations/handicrafts.example.org/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('HandicraftsMSP.admin', 'HandicraftsMSP.peer', 'HandicraftsMSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('HandicraftsMSP.admin', 'HandicraftsMSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('HandicraftsMSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('HandicraftsMSP.peer')"
        AnchorPeers:
            - Host: peer0.handicrafts.example.org
              Port: 7051
 
    - &ITDepartment
        Name: ITDepartmentMSP
        ID: ITDepartmentMSP
        MSPDir: crypto-config/peerOrganizations/itdepartment.example.org/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('ITDepartmentMSP.admin', 'ITDepartmentMSP.peer', 'ITDepartmentMSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('ITDepartmentMSP.admin', 'ITDepartmentMSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('ITDepartmentMSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('ITDepartmentMSP.peer')"
        AnchorPeers:
            - Host: peer0.itdepartment.example.org
              Port: 7051

    #   /Channel/Application/<PolicyName>
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        LifecycleEndorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Endorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
 
    Capabilities:
        <<: *ApplicationCapabilities
    Policies:
        Readers:
              Type: ImplicitMeta
              Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"
 
Below is the output for check commit readiness command:
 
{
        "approvals": {
                "EsMSP": true,
                "HighereducationMSP": true,
                "NiMSP": true,
                "SchooleducationMSP": true
        }
}


Command for approving the chaincode:
peer lifecycle chaincode approveformyorg --tls --cafile /hl_config/orderer-tlsca/tlscacert.pem  --channelID certificatechannel --name cc --version 1 --package-id  cc_1:1234567.....4965 --sequence 1 --waitForEvent
 
Command for committing the chaincode:
peer lifecycle chaincode commit -o orderer1.example.org:7050 --channelID certificatechannel --name cc --version 1 --sequence 1 --tls --cafile /hl_config/orde
rer-tlsca/tlscacert.pem  --peerAddresses peer0.ni.example.org:7051 --tlsRootCertFiles /etc/hyperledger/fabric/crypto-config/peerOrganizations/ni.tnega.org/peers/peer0.ni.
example.org/tls/ca.crt --peerAddresses peer0.schooleducation.example.org:7051 --tlsRootCertFiles /etc/hyperledger/fabric/crypto-config/peerOrganizations/schooleducation.example.org/peers/peer0.schooleducation.example.org/tls/ca.crt --peerAddresses peer0.highereducation.example.org:7051 --tlsRootCertFiles /etc/hyperledger/fabric/crypto-config/pe
erOrganizations/highereducation.example.org/peers/peer0.highereducation.example.org/tls/ca.crt --peerAddresses peer0.es.example.org:7051 --tlsRootCertFiles /etc/hyperledger/fabric/crypto-config/peerOrganizations/es.example.org/peers/peer0.es.example.org/tls/ca.crt

What I've tried:
I've tried running commit command passing one peer address of only one org at a time and received the same output. 
I've tried running commit command passing one peer address of all the orgs that have approved the chaincode and have recieved the same output.
I tried executing the command from inside one of the peers.

Note: 
-------
I'm making use of argo workflows along with helm templates and kubernetes to automate the chaincode process.

Any help is much appreciated. Thanks in advance!

Join fabric@lists.hyperledger.org to automatically receive all group messages.