I have very simple hyperledger fabric network (version 2.X) with next configuration:
- 1 root ca
- 1 peer
- 1 orderer
without TLS.
My content in configtx.yaml file:
Organizations:
- &org1
Name: org1
ID: org1MSP
MSPDir: ***/org1/msp
Policies:
Readers:
Type: Signature
Rule: "OR('org1MSP.member')"
Writers:
Type: Signature
Rule: "OR('org1MSP.member')"
Admins:
Type: Signature
Rule: "OR('org1MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('org1MSP.peer')"
OrdererEndpoints:
- orderer1-org1:8051
AnchorPeers:
- Host: peer1-org1
Port: 11051
Capabilities:
# Channel capabilities apply to both the orderers and the peers and must be
# supported by both.
# Set the value of the capability to true to require it.
Channel: &ChannelCapabilities
# V1.4.3 for Channel is a catchall flag for behavior which has been
# determined to be desired for all orderers and peers running at the v1.4.3
# level, but which would be incompatible with orderers and peers from
# prior releases.
# Prior to enabling V1.4.3 channel capabilities, ensure that all
# orderers and peers on a channel are at v1.4.3 or later.
V2_0: true
# Orderer capabilities apply only to the orderers, and may be safely
# used with prior release peers.
# Set the value of the capability to true to require it.
Orderer: &OrdererCapabilities
# V1.4.2 for Orderer is a catchall flag for behavior which has been
# determined to be desired for all orderers running at the v1.4.2
# level, but which would be incompatible with orderers from prior releases.
# Prior to enabling V1.4.2 orderer capabilities, ensure that all
# orderers on a channel are at v1.4.2 or later.
V2_0: true
# Application capabilities apply only to the peer network, and may be safely
# used with prior release orderers.
# Set the value of the capability to true to require it.
Application: &ApplicationCapabilities
# V1.4.2 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.4.2.
V2_0: true
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
Capabilities:
<<: *ChannelCapabilities
Application: &ApplicationDefaults
Organizations:
Policies:
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Endorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- orderer1-org1:8051
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
OrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *org1
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *org1
OrgsChannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *org1
Capabilities:
<<: *ApplicationCapabilities
I tried to execute chaincode definition on channel:
peer lifecycle chaincode approveformyorg -o orderer1-org1:8051 --channelID mychannel --name basic --version 1.0 --package-id $CHAINCODE_ID --sequence 1
But I had an error:
2023-03-10 14:19:59.494 UTC 0001 INFO [chaincodeCmd] ClientWait -> txid [1c418bc3144ca0a41a9823a79f0cc1356f0ad03619b0613cf0d9a2abd558cd65] committed with status (ENDORSEMENT_POLICY_FAILURE) at peer1-org1:11051
Error: transaction invalidated with status (ENDORSEMENT_POLICY_FAILURE)
My peer logs:
2023-03-10 14:13:44.373 UTC 0327 DEBU [msp] satisfiesPrincipalInternalPreV13 -> Checking if identity satisfies role [PEER] for org1MSP
2023-03-10 14:13:44.373 UTC 0328 DEBU [msp] Validate -> MSP org1MSP validating identity
2023-03-10 14:13:44.373 UTC 0329 DEBU [cauthdsl] func2 -> 0xc003149d60 identity 0 does not satisfy principal: The identity is not a [PEER] under this MSP [org1MSP]: NodeOUs not activated. Cannot tell apart identities.
2023-03-10 14:13:44.373 UTC 032a DEBU [cauthdsl] func2 -> 0xc003149d60 principal evaluation fails
2023-03-10 14:13:44.373 UTC 032b DEBU [cauthdsl] func1 -> 0xc003149d60 gate 1678457624373531978 evaluation fails
2023-03-10 14:13:44.373 UTC 032c DEBU [policies] EvaluateSignedData -> Signature set did not satisfy policy /Channel/Application/org1/Endorsement
2023-03-10 14:13:44.373 UTC 032d DEBU [policies] EvaluateSignedData -> == Done Evaluating *cauthdsl.policy Policy /Channel/Application/org1/Endorsement
2023-03-10 14:13:44.374 UTC 032e WARN [vscc] Validate -> Endorsment policy failure error="validation of endorsement policy for collection _implicit_org_org1MSP chaincode _lifecycle in tx 1:0 failed: signature set did not satisfy policy" chaincode=_lifecycle endorsementPolicy="channel_config_policy_reference:\"/Channel/Application/LifecycleEndorsement\" " endorsingIdentities="(mspid=org1MSP subject=CN=peer1-org1,OU=peer,O=Hyperledger,ST=North Carolina,C=US issuer=CN=rca-org1,OU=Fabric,O=Hyperledger,ST=North Carolina,C=US serialnumber=518820762623154598537949828779571887184484384178)"
2023-03-10 14:13:44.374 UTC 032f ERRO [vscc] Validate -> VSCC error: stateBasedValidator.Validate failed, err validation of endorsement policy for collection _implicit_org_org1MSP chaincode _lifecycle in tx 1:0 failed: signature set did not satisfy policy
2023-03-10 14:13:44.374 UTC 0330 DEBU [vscc] Validate -> block 1, namespace: _lifecycle, tx 0 validation results is: validation of endorsement policy for collection _implicit_org_org1MSP chaincode _lifecycle in tx 1:0 failed: signature set did not satisfy policy
2023-03-10 14:13:44.374 UTC 0331 DEBU [committer.txvalidator] ValidateWithPlugin -> Transaction 580670ddc6d0881fffdcd98185a679912337fc78c6b1037fe4f2bd278c3b15c5 appears to be invalid: validation of endorsement policy for collection _implicit_org_org1MSP chaincode _lifecycle in tx 1:0 failed: signature set did not satisfy policy
2023-03-10 14:13:44.374 UTC 0332 ERRO [committer.txvalidator] validateTx -> Dispatch for transaction txId = 580670ddc6d0881fffdcd98185a679912337fc78c6b1037fe4f2bd278c3b15c5 returned error: validation of endorsement policy for collection _implicit_org_org1MSP chaincode _lifecycle in tx 1:0 failed: signature set did not satisfy policy
I also tried to add some different options to command "peer lifecycle chaincode approveformyorg...":
- --signature-policy "AND ('org1MSP.peer')"
- --channel-config-policy /Channel/Application/Endorsement
But I had the same error.
