I’m following the documentation on how to bootstrap ACLs on Nomad.
As advised, I edited the /etc/nomad.d/nomad.hcl file to add the acl stanza:
acl {
enabled = true
}
Then I restarted Nomad (systemctl restart nomad).
Now, when I try to get the list of servers, I get a permission denied error:
$ nomad server members
Error querying servers: Unexpected response code: 403 (Permission denied)
And when I try to bootstrap the ACLs, I get the following error (ACL support disabled):
$ nomad acl bootstrap
Error bootstrapping: Unexpected response code: 500 (rpc error: ACL support disabled)
What did I do wrong?
Was /etc/nomad.d/nomad.hcl the correct file to edit?
Did you add this stanza to every server and restart all server instances?
I just did.
The query for the list of servers still fails, but I managed to issue the bootstrap command.
That looks promising.
$ export NOMAD_TOKEN=<the secret ID returned by the bootstrap command>
$ nomad server members
If that succeeds, use your bootstrap token to generate a management token, then secure your bootstrap token away somewhere safe.
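The steps in the reply above, carried through as a script. This is an added example, not code from the thread or from the Nomad project. It assumes the nomad binary is on PATH, that NOMAD_ADDR points at a server whose ACL system is enabled on every server, and that the bootstrap token may be kept in an owner-only file under the home directory (the file path is an assumption, not a Nomad convention). The sample bootstrap output embedded in the script is constructed so that the parsing can be exercised without a cluster; nothing touches a cluster unless the script is invoked with the argument run.

```shell
#!/bin/sh
# Added example (not from the thread or the Nomad project). Follows the reply
# above: bootstrap the ACL system, prove the token works with `nomad server
# members`, mint a separate management token for daily use, and put the
# bootstrap token away. Assumes `nomad` is on PATH and NOMAD_ADDR points at a
# server with acl { enabled = true } configured on every server.
set -eu

# Constructed sample of what `nomad acl bootstrap` prints (all values made up).
SAMPLE_BOOTSTRAP_OUTPUT='Accessor ID  = 2f8e1c3a-5b6d-4e7f-8a9b-0c1d2e3f4a5b
Secret ID    = d9b3c0e8-4f19-4d22-9a7e-3a0f1b5c6e71
Name         = Bootstrap Token
Type         = management
Global       = true
Policies     = n/a
Create Time  = 2020-01-01 00:00:00 +0000 UTC
Create Index = 7
Modify Index = 7'

# Pull the "Secret ID = ..." value out of the table that `nomad acl bootstrap`
# and `nomad acl token create` print. Reads stdin; prints nothing if absent.
extract_secret_id() {
  sed -n 's/^Secret ID[[:space:]]*=[[:space:]]*//p' | head -n 1
}

# Nomad token secrets are UUIDs; refuse to use anything else, for instance an
# error message that was captured instead of a token.
is_uuid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'
}

# Run the whole procedure against a real cluster. Bootstrap succeeds only once
# per cluster, so a second run stops at step 1 instead of changing anything.
bootstrap_and_rotate() {
  store="${1:-$HOME/.nomad-bootstrap-token}"   # assumed location, not a Nomad convention

  # 1. Bootstrap and keep the secret in a variable, never on a command line
  #    that ends up in shell history.
  bootstrap_secret="$(nomad acl bootstrap | extract_secret_id)"
  is_uuid "$bootstrap_secret" || { echo "no Secret ID in bootstrap output" >&2; return 1; }

  # 2. Verify the token before relying on it (the 403 seen earlier in the
  #    thread means the token is missing or not accepted).
  NOMAD_TOKEN="$bootstrap_secret" nomad server members >/dev/null

  # 3. Mint a management token for day-to-day operator use...
  daily_secret="$(NOMAD_TOKEN="$bootstrap_secret" nomad acl token create \
      -type=management -name="operator-$(id -un)" | extract_secret_id)"
  is_uuid "$daily_secret" || { echo "no Secret ID in token create output" >&2; return 1; }

  # 4. ...and lock the bootstrap token away in an owner-only file.
  umask 077
  printf '%s\n' "$bootstrap_secret" > "$store"
  echo "bootstrap token stored in $store (mode 0600); for daily work run:" >&2
  echo "export NOMAD_TOKEN=$daily_secret"
}

# Only touch a cluster when explicitly asked: `sh bootstrap-acl.sh run`
if [ "${1:-}" = "run" ]; then
  bootstrap_and_rotate
fi
```

Passing the token through NOMAD_TOKEN on each command keeps it out of process arguments and history; the printed export line is the only place the daily token appears, so run the script in a terminal rather than piping it to a log.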
It did work thanks!
Now I’m stumbling upon the sample policy file…
Error writing ACL policy: Unexpected response code: 500 (rpc error: policy 0 invalid: 1 error(s) occurred:
* failed to parse rules: Invalid namespace capability 'alloc-node-exec': &acl.NamespacePolicy{Name:"*", Policy:"write", Capabilities:[]string{"alloc-node-exec"}})
Which sample policy file?
The one provided in the documentation…
namespace "*" {
policy = "write"
capabilities = ["alloc-node-exec"]
}
agent {
policy = "write"
}
operator {
policy = "write"
}
quota {
policy = "write"
}
node {
policy = "write"
}
host_volume "*" {
policy = "write"
}