Updated OpenShift Master iptables rules

* Removed unneeded rules
* Moved etcd rule to conditional based on usage of embedded etcd

https://bugzilla.redhat.com/show_bug.cgi?id=1386329

playbooks/common/openshift-master/config.yml

@@ -156,8 +156,6 @@
   - role: openshift_builddefaults
   - role: os_firewall
     os_firewall_allow:
-    - service: etcd embedded
-      port: 4001/tcp
     - service: api server https
       port: "{{ openshift.master.api_port }}/tcp"
     - service: api controllers https
@@ -166,16 +164,11 @@
       port: "{{ openshift.master.dns_port }}/tcp"
     - service: skydns udp
       port: "{{ openshift.master.dns_port }}/udp"
-    - service: Fluentd td-agent tcp
-      port: 24224/tcp
-    - service: Fluentd td-agent udp
-      port: 24224/udp
-    - service: pcsd
-      port: 2224/tcp
-    - service: Corosync UDP
-      port: 5404/udp
-    - service: Corosync UDP
-      port: 5405/udp
+  - role: os_firewall
+    os_firewall_allow:
+    - service: etcd embedded
+      port: 4001/tcp
+    when: groups.oo_etcd_to_config | default([]) | length == 0
   - role: openshift_master
     openshift_master_hosts: "{{ groups.oo_masters_to_config }}"
   - role: nickhammond.logrotate