Following ACL bootstrap tutorial and Nomad won't start due to policy error

I am following the tutorial at: Bootstrap Nomad ACL System | Nomad - HashiCorp Learn

I create the anonymous policy using the supplied config:

namespace "*" {
  policy       = "write"
  capabilities = ["alloc-node-exec"]

agent {
  policy = "write"

operator {
  policy = "write"

quota {
  policy = "write"

node {
  policy = "write"

host_volume "*" {
  policy = "write"

Nomad fails to start with the following error:

Aug 03 11:43:35 nomadserver1 nomad[4731]: ==> Error loading configuration from /etc/nomad.d: Error loading /etc/nomad.d/anonymous.policy.hcl: unexpected keys *, *, agent, host_volume, namespace, node, operator, quota

My nomad config:

#Nomad Config Server Only
datacenter = "nyc"
data_dir = "/opt/nomad/data"
bind_addr = ""

server {
  enabled = true
  bootstrap_expect = 3
  encrypt = "IRr3+qdE="

  server_join {
    retry_join = ["" ,"" ,""]
    retry_max = 3
    retry_interval = "15s"

acl {
  enable = true

Hey Bradley,

The anonymous policy file doesn’t get saved into your server configuration folder. It’s applied to the Nomad server state using the nomad acl policy apply command.

Moving the anonymous.policy.hcl file out of your /etc/nomad.d to your $HOME directory folder will get your node back to starting. Once your node is back up, run

nomad acl policy apply $HOME/anonymous.policy.hcl

and the policy will be created and stored in the Nomad server data.

Thanks for pointing out this pitfall. I will see about adding a note to the guide to make this a bit clearer.

Hope this gets you unjammed!

Thank you very much… I thought I was loosing it for a second.