MCO fails to listen to puppetmaster AMQ

[mike r]

HI all, Im playing around with PE 4.2, trying to learn MCO architecture

I have 1 PE master on Ubuntu with AMQ broker

1 test node running Centos7 with PE agent

1 test node running Centos 5.7 with Open source puppet agent

first question, is it possible to enable the open source puppet agent to talk to PE AMQ broker? Or can PE Master talk and manage PE agents only?

2nd question:

my Centos7 (with PE agent) is setup correctly, I can run "mco ping" from PE Master and Centos7 replies back

on Centos5, I installed mcollective rpm on this Centos5 node and configured my certs and priv/pub keys

[root@centos57 ssl]# pwd

/etc/mcollective/ssl

[root@centos57 ssl]# tree

.

|-- ca.cert.pem

|-- centos57.cert.pem

|-- centos57.private_key.pem

|-- clients

|   |-- peadmin-public.pem

|   `-- puppet-dashboard-public.pem

|-- mcollective-private.pem

`-- mcollective-public.pem

1 directory, 7 files

I copied the centos57.cert.pem, centos57.private_key.pem files from the /var/lib/puppet/ssl dir. This node however isnt talking to Puppetmaster, 

cat /var/log/mcollective.log

I, [2016-04-01T21:58:14.535657 #5270]  INFO -- : activemq.rb:129:in `on_connectfail' TCP Connection to stomp+ssl://mcollective@puppetmaster2:61613 failed on attempt 42

E, [2016-04-01T21:58:44.537839 #5270] ERROR -- : activemq.rb:149:in `on_ssl_connectfail' SSL session creation with stomp+ssl://mcollective@puppetmaster2:61613 failed: nested asn1 error

I, [2016-04-01T21:58:44.538121 #5270]  INFO -- : activemq.rb:129:in `on_connectfail' TCP Connection to stomp+ssl://mcollective@puppetmaster2:61613 failed on attempt 43

E, [2016-04-01T21:59:14.539604 #5270] ERROR -- : activemq.rb:149:in `on_ssl_connectfail' SSL session creation with stomp+ssl://mcollective@puppetmaster2:61613 failed: nested asn1 error

I, [2016-04-01T21:59:14.539953 #5270]  INFO -- : activemq.rb:129:in `on_connectfail' TCP Connection to stomp+ssl://mcollective@puppetmaster2:61613 failed on attempt 44

E, [2016-04-01T21:59:44.541296 #5270] ERROR -- : activemq.rb:149:in `on_ssl_connectfail' SSL session creation with stomp+ssl://mcollective@puppetmaster2:61613 failed: nested asn1 error

I, [2016-04-01T21:59:44.541629 #5270]  INFO -- : activemq.rb:129:in `on_connectfail' TCP Connection to stomp+ssl://mcollective@puppetmaster2:61613 failed on attempt 45

E, [2016-04-01T22:00:14.543349 #5270] ERROR -- : activemq.rb:149:in `on_ssl_connectfail' SSL session creation with stomp+ssl://mcollective@puppetmaster2:61613 failed: nested asn1 error

I, [2016-04-01T22:00:14.543682 #5270]  INFO -- : activemq.rb:129:in `on_connectfail' TCP Connection to stomp+ssl://mcollective@puppetmaster2:61613 failed on attempt 46

my Centos57 mcollective server.cfg is setup like this

main_collective = mcollective

collectives = mcollective

libdir = /usr/libexec/mcollective

logfile = /var/log/mcollective.log

loglevel = info

daemonize = 1

# Plugins

securityprovider = psk

plugin.psk = unset

connector = activemq

plugin.activemq.pool.size = 1

plugin.activemq.pool.1.host = puppetmaster2

plugin.activemq.pool.1.port = 61613

plugin.activemq.pool.1.user = mcollective

plugin.activemq.pool.1.password = gKtrMuPIK5k3Fh621FYX

plugin.activemq.pool.1.ssl = true

plugin.activemq.pool.1.ssl.ca = /etc/mcollective/ssl/ca.cert.pem

plugin.activemq.pool.1.ssl.cert = /etc/mcollective/ssl/centos57.cert.pem

plugin.activemq.pool.1.ssl.key = /etc/mcollective/ssl/centos57.private_key.pem

plugin.activemq.heartbeat_interval = 120

plugin.activemq.max_hbrlck_fails = 0

# Security plugin settings (required):

# -----------------------------------

securityprovider           = ssl

# SSL plugin settings:

plugin.ssl_server_private  = /etc/mcollective/ssl/mcollective-private.pem

plugin.ssl_server_public   = /etc/mcollective/ssl/mcollective-public.pem

plugin.ssl_client_cert_dir = /etc/mcollective/ssl/clients

plugin.ssl_serializer      = yaml

# Facts

factsource = yaml

plugin.yaml = /etc/mcollective/facts.yaml

identity = centos57

Trying to understand what other config Im missing on my Centos57 box to make it listen to PE Master AMQ broker. Thanks!