I have very simple network structure with two peer organizations and one orderer.
- orderer.org0
- peer0.org1
- peer1.org1
- peer0.org2
Private data collections is defined like below:
---
- StaticCollectionConfig:
name: topSecret
SignaturePolicyEnvelope:
identities:
- org1member:
role:
name: member
mspId: Org1MSP
policy:
1-of:
- signed-by: org1member
requiredPeerCount: 1
maximumPeerCount: 1
blockToLive: 0
memberOnlyRead: true
So, it should allow only org1 members to allow usage of private data.
In reality, if I run some PrivateData related actions on peers of org1 it throws following erros in the peer log:
[gossip.privdata] func1 -> ERRO 84e Failed disseminating private RWSet for TxID <TxId> , namespace mychcode collection topSecret : Requested to send to at least 1 peers, but know only of 0 suitable peers to distributed private collection
Why is this happening? From my understanding, requiredPeerCount: 1 should hold, because I have two peers in org0.
P.S. Internal gossip is configured and following messages can be seen in logs
2019-07-08 16:17:03.725 UTC [gossip.discovery] sendMemResponse -> DEBU 2853 Entering endpoint:"peer0.org1.example.com:7051" pki_id:"\2057\365\305\215\007*\025\277[\313\270t\020\"\355\301\247\214 \r\267\350T\260\375+G\333a\202\246"
2019-07-08 16:17:03.725 UTC [gossip.comm] Send -> DEBU 2854 Entering, sending GossipMessage: Channel: , nonce: 0, tag: EMPTY MembershipResponse with Alive: 2, Dead: 0, Envelope: 509 bytes, Signature: 0 bytes to 1 peers
2019-07-08 16:17:03.725 UTC [gossip.comm] sendToEndpoint -> DEBU 2855 Entering, Sending to peer0.org1.example.com:7051 , msg: GossipMessage: Channel: , nonce: 0, tag: EMPTY MembershipResponse with Alive: 2, Dead: 0, Envelope: 509 bytes, Signature: 0 bytes
2019-07-08 16:17:03.725 UTC [gossip.discovery] sendMemResponse -> DEBU 2856 Exiting, replying with alive:<payload:"\030\001*O\n?\n\033peer0.org1.example.com:7051\032 \2057\365\305\215\007*\025\277[\313\270t\020\"\355\301\247\214 \r\267\350T\260\375+G\333a\202\246\022\014\010\333\256\243\376\211\323\336\327\025\020l" signature:"0E\002!\000\261sVO\351\007\346\302A-1\360\002j\233\013;\204e\245\320W\014\263\337y\303\273+\220\217\t\002 m\210\351\332\262\032\323\215\343\372t\24450\004\034\036\023IiaJ?9 O-m\365l\343\325" secret_envelope:<payload:"\n\033peer0.org1.example.com:7051" signature:"0E\002!\000\344\261\203.A\221\272\345\314\240\223~\342\001\206\343\206\021^\311\033\005Q\233%\370\014#\250\rf\230\002 *m\307Jh\312q\371\014\302w\000>\232g\227\233\003\372\205\357\363&L?\262yH\366\240\225I" > > alive:<payload:"\030\001*2\n\"\032 2\320\014\223K\373\265\215E\375f\261\324\021\356\244\330o\370u>l\322[\033\005\240\363R\236\334F\022\014\010\331\340\224\370\204\323\336\327\025\020j" signature:"0D\002 E@\032!\313#\331\211\\|\334)R/n\221\347%\226\265\214\032\353}\323\302D\271\355\245\366\021\002 rL\327\346\244\022\235\360-\376\350\235\003\262K#\"C\t{\324\370\231\"P\365\376\341\014wM*" secret_envelope:<payload:"\n\033peer1.org1.example.com:7051" signature:"0E\002!\000\3777\226V\000\212>\235\232\334 \022\231\371\010\370\256\037\231\340\001\225\305r7\324\317\356K1\200\321\002 \001\215\321!\263L\342s\233\014#\334q\264\332,\261xOm\317\2555\352\330\252\326R\307`\363?" > >
The issue was related to some misconfiguration of local gossip. Which in turn was caused my wrong policies configuration in configtx.yaml
I used following roles: 'Org1MSP.client' 'Org1MSP.peer'
But looks like they will work only if NodeOUs are configured (see https://hyperledger-fabric.readthedocs.io/en/release-1.4/msp.html#identity-classification). After I replaced them with 'Org1MSP.member' it began to work.