Bootstrap acl question

I’m following the documentation on how to bootstrap acl on nomad.

as advised, I edited the /etc/nomad.d/nomad.hcl file to add the acl stanza:

acl {
    enabled = true

Then restarted nomad (systemctl restart nomad).

Now, when I try to get the list of servers, I get a permission denied error:

$ nomad server members
Error querying servers: Unexpected response code: 403 (Permission denied)

And when I try to bootstrap the ACLs, I get the following error: ACL support disabled)

$ nomad acl bootstrap
Error bootstrapping: Unexpected response code: 500 (rpc error: ACL support disabled)

what did I do wrong?
Was the /etc/nomad.d/nomad.hcl the correct file to edit?

Did you add this stanza to every server and restart all server instances?

I just did.
The query for the list of servers still fails but I managed to issue the booststrap command.

That looks promising.

$ export NOMAD_TOKEN=<the secret ID returned by the bootstrap command>
$ nomad server members

If that succeeds then use your bootstrap token to generate a management token, then secure you bootstrap token away somewhere safe.

It did work thanks!
Now I’m stumbling upon the sample policy file… :face_with_raised_eyebrow:

Error writing ACL policy: Unexpected response code: 500 (rpc error: policy 0 invalid: 1 error(s) occurred:

* failed to parse rules: Invalid namespace capability 'alloc-node-exec': &acl.NamespacePolicy{Name:"*", Policy:"write", Capabilities:[]string{"alloc-node-exec"}})

Which sample policy file?

The one provided in the documentation

namespace "*" {
  policy       = "write"
  capabilities = ["alloc-node-exec"]

agent {
  policy = "write"

operator {
  policy = "write"

quota {
  policy = "write"

node {
  policy = "write"

host_volume "*" {
  policy = "write"