Re: Endorsement Policy Failure while committing chaincode #fabric-kubernetes #hyperledger-fabric #chaincode


David Enyeart
 

Your LifecycleEndorsement is set to a majority of orgs. So you will need to approve the chaincode on at least 5 of 8 orgs and then send the commit request to at least those 5 orgs. It looks like your commit request is only going to 4 of 8 orgs based on the peerAddresses properties.

 

From: fabric@... <fabric@...> on behalf of Arsh <arshimag@...>
Date: Tuesday, June 21, 2022 at 5:25 AM
To: fabric@... <fabric@...>
Subject: [EXTERNAL] [Hyperledger Fabric] Endorsement Policy Failure while committing chaincode #fabric-kubernetes #hyperledger-fabric #chaincode

I'm very much new to blockchain and hyperledger. I'm trying to setup my first network with 8 orgs containing 3 peers each and 7 orderers. Everything is working fine using docker-compose. I'm trying to replicate the same on kubernetes following

ZjQcmQRYFpfptBannerStart

This Message Is From an External Sender

This message came from outside your organization.

ZjQcmQRYFpfptBannerEnd

I'm very much new to blockchain and hyperledger. I'm trying to setup my first network with 8 orgs containing 3 peers each and 7 orderers. Everything is working fine using docker-compose. I'm trying to replicate the same on kubernetes following this tutorial https://github.com/hyfen-nl/PIVT. All the stages of chaincode right from packaging till checking for commit readiness are giving a positive and desired response. However, committing the chaincode fails with 

 

2022-06-20 12:35:38.641 UTC [chaincodeCmd] ClientWait -> INFO 0a0 txid [619d23f6fac89442c9f858749e6c2c809a7a1833373a634cd4cb56a2660bb84e] committed with status (ENDORSEMENT_POLICY_FAILURE) at peer0.ni.example.org:7051

2022-06-20 12:35:38.641 UTC [chaincodeCmd] ClientWait -> INFO 0a1 txid [619d23f6fac89442c9f858749e6c2c809a7a1833373a634cd4cb56a2660bb84e] committed with status (ENDORSEMENT_POLICY_FAILURE) at peer0.es.example.org:7051

2022-06-20 12:35:38.644 UTC [chaincodeCmd] ClientWait -> INFO 0a2 txid [619d23f6fac89442c9f858749e6c2c809a7a1833373a634cd4cb56a2660bb84e] committed with status (ENDORSEMENT_POLICY_FAILURE) at peer0.highereducation.example.org:7051

2022-06-20 12:35:38.644 UTC [chaincodeCmd] ClientWait -> INFO 0a3 txid [619d23f6fac89442c9f858749e6c2c809a7a1833373a634cd4cb56a2660bb84e] committed with status (ENDORSEMENT_POLICY_FAILURE) at peer0.schooleducation.example.org:7051

Error: transaction invalidated with status (ENDORSEMENT_POLICY_FAILURE) 

The following is a part of configtx.yaml which I'm using and is the same file used while setting up using docker-compose except for minor changes like using different port numbers.

 

 

        # Policies defines the set of policies at this level of the config tree

        # For organization policies, their canonical path is usually

        #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>

        Policies:

            Readers:

                Type: Signature

                Rule: "OR('OrdererMSP.member')"

            Writers:

                Type: Signature

                Rule: "OR('OrdererMSP.member')"

            Admins:

                Type: Signature

                Rule: "OR('OrdererMSP.admin')"

    - &Ni

        Name: NiMSP

        ID: NiMSP

        MSPDir: crypto-config/peerOrganizations/ni.example.org/msp

        Policies:

            Readers:

                Type: Signature

                Rule: "OR('NiMSP.admin', 'NiMSP.peer', 'NiMSP.client')"

            Writers:

                Type: Signature

                Rule: "OR('NiMSP.admin', 'NiMSP.client')"

            Admins:

                Type: Signature

                Rule: "OR('NiMSP.admin')"

            Endorsement:

                Type: Signature

                Rule: "OR('NiMSP.peer')"

        AnchorPeers:

            - Host: peer0.ni.example.org

              Port: 7051

 

    - &Schooleducation

        Name: SchooleducationMSP

        ID: SchooleducationMSP

        MSPDir: crypto-config/peerOrganizations/schooleducation.example.org/msp

        Policies:

            Readers:

                Type: Signature

                Rule: "OR('SchooleducationMSP.admin', 'SchooleducationMSP.peer', 'SchooleducationMSP.client')"

            Writers:

                Type: Signature

                Rule: "OR('SchooleducationMSP.admin', 'SchooleducationMSP.client')"

            Admins:

                Type: Signature

                Rule: "OR('SchooleducationMSP.admin')"

            Endorsement:

                Type: Signature

                Rule: "OR('SchooleducationMSP.peer')"

        AnchorPeers:

            - Host: peer0.schooleducation.example.org

              Port: 7051

 

    - &Highereducation

        Name: HighereducationMSP

        ID: HighereducationMSP

        MSPDir: crypto-config/peerOrganizations/highereducation.example.org/msp

        Policies:

            Readers:

                Type: Signature

                Rule: "OR('HighereducationMSP.admin', 'HighereducationMSP.peer', 'HighereducationMSP.client')"

            Writers:

                Type: Signature

                Rule: "OR('HighereducationMSP.admin', 'HighereducationMSP.client')"

            Admins:

                Type: Signature

                Rule: "OR('HighereducationMSP.admin')"

            Endorsement:

                Type: Signature

                Rule: "OR('HighereducationMSP.peer')"

        AnchorPeers:

            - Host: peer0.highereducation.example.org

              Port: 7051

 

    - &Es

        Name: EsMSP

        ID: EsMSP

        MSPDir: crypto-config/peerOrganizations/esevai.example.org/msp

        Policies:

            Readers:

                Type: Signature

                Rule: "OR('EsMSP.admin', 'EsMSP.peer', 'EsMSP.client')"

            Writers:

                Type: Signature

                Rule: "OR('EsMSP.admin', 'EsMSP.client')"

            Admins:

                Type: Signature

                Rule: "OR('EsMSP.admin')"

            Endorsement:

                Type: Signature

                Rule: "OR('EsMSP.peer')"

        AnchorPeers:

            - Host: peer0.es.example.org

              Port: 7051

 

    - &Igr

        Name: IgrMSP

        ID: IgrMSP

        MSPDir: crypto-config/peerOrganizations/igr.example.org/msp

        Policies:

            Readers:

                Type: Signature

                Rule: "OR('IgrMSP.admin', 'IgrMSP.peer', 'IgrMSP.client')"

            Writers:

                Type: Signature

                Rule: "OR('IgrMSP.admin', 'IgrMSP.client')"

            Admins:

                Type: Signature

                Rule: "OR('IgrMSP.admin')"

            Endorsement:

                Type: Signature

                Rule: "OR('IgrMSP.peer')"

        AnchorPeers:

            - Host: peer0.igr.example.org

              Port: 7051

 

    - &Forest

        Name: ForestMSP

        ID: ForestMSP

        MSPDir: crypto-config/peerOrganizations/forest.example.org/msp

        Policies:

            Readers:

                Type: Signature

                Rule: "OR('ForestMSP.admin', 'ForestMSP.peer', 'ForestMSP.client')"

            Writers:

                Type: Signature

                Rule: "OR('ForestMSP.admin', 'ForestMSP.client')"

            Admins:

                Type: Signature

                Rule: "OR('ForestMSP.admin')"

            Endorsement:

                Type: Signature

                Rule: "OR('ForestMSP.peer')"

        AnchorPeers:

            - Host: peer0.forest.example.org

              Port: 7051

 

    - &Handicrafts

        Name: HandicraftsMSP

        ID: HandicraftsMSP

        MSPDir: crypto-config/peerOrganizations/handicrafts.example.org/msp

        Policies:

            Readers:

                Type: Signature

                Rule: "OR('HandicraftsMSP.admin', 'HandicraftsMSP.peer', 'HandicraftsMSP.client')"

            Writers:

                Type: Signature

                Rule: "OR('HandicraftsMSP.admin', 'HandicraftsMSP.client')"

            Admins:

                Type: Signature

                Rule: "OR('HandicraftsMSP.admin')"

            Endorsement:

                Type: Signature

                Rule: "OR('HandicraftsMSP.peer')"

        AnchorPeers:

            - Host: peer0.handicrafts.example.org

              Port: 7051

 

    - &ITDepartment

        Name: ITDepartmentMSP

        ID: ITDepartmentMSP

        MSPDir: crypto-config/peerOrganizations/itdepartment.example.org/msp

        Policies:

            Readers:

                Type: Signature

                Rule: "OR('ITDepartmentMSP.admin', 'ITDepartmentMSP.peer', 'ITDepartmentMSP.client')"

            Writers:

                Type: Signature

                Rule: "OR('ITDepartmentMSP.admin', 'ITDepartmentMSP.client')"

            Admins:

                Type: Signature

                Rule: "OR('ITDepartmentMSP.admin')"

            Endorsement:

                Type: Signature

                Rule: "OR('ITDepartmentMSP.peer')"

        AnchorPeers:

            - Host: peer0.itdepartment.example.org

              Port: 7051


    #   /Channel/Application/<PolicyName>

    Policies:

        Readers:

            Type: ImplicitMeta

            Rule: "ANY Readers"

        Writers:

            Type: ImplicitMeta

            Rule: "ANY Writers"

        Admins:

            Type: ImplicitMeta

            Rule: "MAJORITY Admins"

        LifecycleEndorsement:

            Type: ImplicitMeta

            Rule: "MAJORITY Endorsement"

        Endorsement:

            Type: ImplicitMeta

            Rule: "MAJORITY Endorsement"

 

    Capabilities:

        <<: *ApplicationCapabilities

    Policies:

        Readers:

              Type: ImplicitMeta

              Rule: "ANY Readers"

        Writers:

            Type: ImplicitMeta

            Rule: "ANY Writers"

        Admins:

            Type: ImplicitMeta

            Rule: "MAJORITY Admins"

        BlockValidation:

            Type: ImplicitMeta

            Rule: "ANY Writers"

 
Below is the output for check commit readiness command:

 

{

        "approvals": {

                "EsMSP": true,

                "HighereducationMSP": true,

                "NiMSP": true,

                "SchooleducationMSP": true

        }

}

 

Command for approving the chaincode:

peer lifecycle chaincode approveformyorg --tls --cafile /hl_config/orderer-tlsca/tlscacert.pem  --channelID certificatechannel --name cc --version 1 --package-id  cc_1:1234567.....4965 --sequence 1 --waitForEvent

 

Command for committing the chaincode:

peer lifecycle chaincode commit -o orderer1.example.org:7050 --channelID certificatechannel --name cc --version 1 --sequence 1 --tls --cafile /hl_config/orde

rer-tlsca/tlscacert.pem  --peerAddresses peer0.ni.example.org:7051 --tlsRootCertFiles /etc/hyperledger/fabric/crypto-config/peerOrganizations/ni.tnega.org/peers/peer0.ni.

example.org/tls/ca.crt --peerAddresses peer0.schooleducation.example.org:7051 --tlsRootCertFiles /etc/hyperledger/fabric/crypto-config/peerOrganizations/schooleducation.example.org/peers/peer0.schooleducation.example.org/tls/ca.crt --peerAddresses peer0.highereducation.example.org:7051 --tlsRootCertFiles /etc/hyperledger/fabric/crypto-config/pe

erOrganizations/highereducation.example.org/peers/peer0.highereducation.example.org/tls/ca.crt --peerAddresses peer0.es.example.org:7051 --tlsRootCertFiles /etc/hyperledger/fabric/crypto-config/peerOrganizations/es.example.org/peers/peer0.es.example.org/tls/ca.crt


What I've tried:
I've tried running commit command passing one peer address of only one org at a time and received the same output. 
I've tried running commit command passing one peer address of all the orgs that have approved the chaincode and have recieved the same output.

I tried executing the command from inside one of the peers.

Note: 
-------
I'm making use of argo workflows along with helm templates and kubernetes to automate the chaincode process.

Any help is much appreciated. Thanks in advance!

Join fabric@lists.hyperledger.org to automatically receive all group messages.