Endorsement policy doesn't work

Posted 2019-03-04 16:52

Question:

When I use admin to deploy a network with one organization that includes three peers, my endorsement-policy.json is as below, and it does not work.

{
    "identities": [
        {
            "role": {
                "name": "member",
                "mspId": "Org1MSP"
            }
        }
    ],
    "policy": {
        "1-of": [
            {
                "signed-by": 0
            }
        ]
    }
}

1. How can I set the endorsement policy? 2. I think the endorsing peer is only a peer; what's the meaning of 'member' or 'admin'?

So, I want to make all of the three peers endorsing peers; how do I configure it?

Answer 1:

Let's start from addressing your comment:

No. It should be a usage problem. I have three peers in only one org. I need all three signatures from the endorsing peers. When I use the docker logs dev-peer*... command to see the log from each peer container, it gets a different value from the random function. So, the transaction is executed three times. Now, I just want that the transaction can't be submitted. What should the endorsement policy be?

The policy which you defined is:

"policy": {
    "1-of": [
        {
            "signed-by": 0
        }
    ]
}

where "signed-by": 0 is the index of the MSP ID which has to satisfy this rule. I.e., a single endorsement from one peer will basically satisfy the endorsement policy, while you need to make sure all three executions are consistent. Therefore, in your case you would like to have more than one peer endorse your transaction, hence you need:

{
    "identities": [
        {
            "role": {
                "name": "member",
                "mspId": "Org1MSP"
            }
        }
    ],
    "policy": {
        "3-of": [
            {
                "signed-by": 0
            },
            {
                "signed-by": 0
            },
            {
                "signed-by": 0
            }
        ]
    }
}

which means all 3 peers from Org1MSP have to sign the endorsement to approve the transaction, while since you are using a random function it will fail.

1. How can I set the endorsement policy?

You can provide the endorsement policy while instantiating your chaincode; the syntax is very simple:

AND("Org1MSP.member")

basically says you need at least one endorsement from a valid member of Org1MSP.

2. I think the endorsing peer is only a peer; what's the meaning of 'member' or 'admin'?

member and admin are principals which actually provide you an ability to control whether something needs to be endorsed or signed by a privileged entity (admin) or a simple one could suffice (member).

So, I want to make all of the three peers endorsing peers; how do I configure it?

An endorsing peer is a peer which has the chaincode installed on it and is hence able to invoke it and interact with it. There is no explicit configuration needed to make a peer an endorsing peer; all you need is to install the chaincode on it.
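
An added example (not code from any of the posts or from Fabric) that checks the JSON policies shown on this page and models how many endorsements each one needs. The function names `build`, `validate` and `satisfied` are hypothetical, and the rule that every "signed-by" consumes a different endorsement signature is a simplifying assumption that follows the behaviour described in Answer 1.

```python
# Added example: simplified model of endorsement-policy JSON, not Fabric code.

def build(n, indices, identities=None):
    """Constructed sample: an 'n-of' policy over the given identity indices."""
    ids = identities or [{"role": {"name": "member", "mspId": "Org1MSP"}}]
    return {"identities": ids,
            "policy": {f"{n}-of": [{"signed-by": i} for i in indices]}}

def validate(doc):
    """Return structural problems: bad keys, n larger than the rule list,
    or 'signed-by' indexes that point outside the identities array."""
    problems, count = [], len(doc.get("identities", []))
    def walk(node, path):
        if not isinstance(node, dict) or len(node) != 1:
            problems.append(f"{path}: expected an object with one key")
            return
        (key, val), = node.items()
        if key == "signed-by":
            if not isinstance(val, int) or not 0 <= val < count:
                problems.append(f"{path}: signed-by {val!r} has no identity")
        elif key.endswith("-of") and key[:-3].isdigit() and isinstance(val, list):
            if not 1 <= int(key[:-3]) <= len(val):
                problems.append(f"{path}: {key} over {len(val)} rules")
            for i, child in enumerate(val):
                walk(child, f"{path}.{key}[{i}]")
        else:
            problems.append(f"{path}: unsupported rule {key!r}")
    walk(doc.get("policy"), "policy")
    return problems

def satisfied(doc, endorsers):
    """endorsers: one (mspId, role) tuple per endorsement signature.
    Assumption: every 'signed-by' consumes a different signature (greedy)."""
    roles = [i["role"] for i in doc["identities"]]
    def fits(idx, e):
        r = roles[idx]
        return e[0] == r["mspId"] and r["name"] in ("member", e[1])
    def ev(node, used):
        (key, val), = node.items()
        if key == "signed-by":
            free = [i for i, e in enumerate(endorsers)
                    if i not in used and fits(val, e)]
            return used | {free[0]} if free else None
        need = int(key[:-3])
        for child in val:
            nxt = ev(child, used)
            if nxt is not None:
                used, need = nxt, need - 1
                if need == 0:
                    return used
        return None
    return ev(doc["policy"], frozenset()) is not None
```

Running `validate` on a "3-of" policy that references indexes 0, 1 and 2 while the identities array holds a single role reports the two dangling indexes, which is the first thing to check before deploying a policy file like the ones on this page.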



Answer 2:

In terms of making your JSON policy file work, this should do it:

{
    "identities": [
        {
            "role": {
                "name": "member",
                "mspId": "Org1MSP"
            }
        }
    ],
    "policy": {
        "signed-by": 0
    }
}

The definition of the JSON for the policy is here

The endorsement signatures are per organisation so you only need to add additional "identities" in the endorsement policy if you have multiple organisations.



Answer 3:

Composer will send the transaction to all the Peers in your connection.json document. It looks like all are evaluating based on what you see in the log, but because only 1 is required for Endorsement I guess that only the first to respond is actually written to the Ledger. (Setting up 3 Business Network Cards with a single peer defined in each connection.json - then retrieving the data from each peer should confirm this.)

I think it is unusual to require 3 Peers from the same Organisation to endorse (sign) the Transaction and a more typical scenario is what you tried earlier with 2 Peers from 2 Organisations.

Currently the Policy shown here has An Array of Identities containing 1 element which is a Role. Following the 2 links below to the Fabric Node SDK Documentation I think you could specify a Specific Identity instead of a Role. So if you really wanted to have 3 Peers from the same organisation, you would have the 3 specific Identities of the Peers (from the CA) in the Array of Identities, and in the Policy section you would have:

"policy": {
    "3-of": [
        {
            "signed-by": 0
        },
        {
            "signed-by": 1
        },
        {
            "signed-by": 2
        }
    ]
}

https://fabric-sdk-node.github.io/global.html#Policy

https://fabric-sdk-node.github.io/global.html#Identity

(I don't have the syntax for adding specific Identities instead of Roles.)