Configuring MCollective with Choria is generally very simple and involves just including 1 module and setting some Hiera data, it takes care of the entire process for you.

In MCollective terminology a client is one you manage your network from - where you run mco commands - and a server is a node being managed.

Your mcollective config files in /etc/puppetlabs/mcollective should be factory default before starting this, especially important if you previously tried to use another module to configure it

Every node

All nodes should have the choria-mcollective module on them, by default every node becomes a MCollective Server ready to be managed via MCollective:

node "" {
  include mcollective

Client nodes

On machines where you wish to run mco commands like your Bastion nodes you have to configure them to be clients, you do this via Hiera:

mcollective::client: true

If you wish to have Client Only machines, you can disable the server on them:

mcollective::client: true
mcollective::server: false