ONe cluster on non-dedicated hosts?

Is it possible to run OpenNebula on hosts which are not dedicated to ONe, but also shared for other types of load, including user accounts with shell access?

For example, we have a computer classroom with Linux workstations, and I am considering using them also for experimental virtual machines (say, upto 1/4 of RAM of the physical hosts during work day, and more during nights and weekends). I of course do not expect it to have stability of dedicated servers, but for experimental traffic such as testing Hadoop instance with 50 nodes it could be usable.

What roadblocks should I expect to hit when trying to do this? So far, I have discovered the following ones:

  • ONe is full of “insecure temporary file usage” local security holes (scripts in /var/tmp/one, for example). Some of that can be mitigated by using another directory for scripts, but there might be more.

  • when using CEPH datastore, libvirt identifies the CEPH secret by its own completely unrelated UUID (so far OK), but the secret itself is nevertheless visible in the qemu command line. Is it possible to hide the command line somehow? E.g. to instruct it to read some of the parameters from the configuration file?