I personally wouldn't use a pacemaker setup for Keystone, since Keystone is horizontal scalable per design.

The best imho would be to set up a HAProxy cluster (here comes pacemaker in), send Keystone related HTTP/S requests - using a virtual IP address - to HAProxy and balance over some Keystone nodes.

With that setting the Keystone nodes will be independent, which makes it a lot easier for maintenance work, scaling etc.

cheers, hauke