sarman/dgx-spark-playbooks
1
0
Fork 0
mirror of https://github.com/NVIDIA/dgx-spark-playbooks.git synced 2026-04-26 11:53:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: sarman:0ac86e6002edd8d49d36697b098919737258b0ee
Branches Tags
sarman:main
...
compare: sarman:4bd606c1fc0fe3e606f4ce143c333919750062dd
Branches Tags
sarman:main

3 Commits
0ac86e6002 ... 4bd606c1fc

Author SHA1 Message Date
Ramzey Ghanaim
4bd606c1fc
Merge 050f799875 into 6a4d122e92 2026-04-13 09:47:52 -07:00
GitLab CI
6a4d122e92 chore: Regenerate all playbooks 2026-04-13 13:31:35 +00:00
rumz
050f799875 Added DGX Dashboard access over Tailnet instructions 2026-03-13 12:37:43 -07:00
3 changed files with 123 additions and 53 deletions
Show Stats Expand all files Collapse all files

8
nvidia/dgx-dashboard/README.md
View File

@ -14,11 +14,11 @@
## Basic idea
The DGX Dashboard is a web application that runs locally on DGX Spark devices, providing a graphical interface for system updates, resource monitoring, and an integrated JupyterLab environment. Users can access the dashboard locally from the app launcher or remotely through NVIDIA Sync or SSH tunneling. The dashboard is the easiest way to update system packages and firmware when working remotely.
The DGX Dashboard is a web application that runs locally on DGX Spark devices, providing a graphical interface for system updates, resource monitoring, and an integrated JupyterLab environment. Users can access the dashboard locally from the app launcher or remotely through NVIDIA Sync, SSH tunneling, or Tailscale. The dashboard is the easiest way to update system packages and firmware when working remotely.
## What you'll accomplish
You will learn how to access and use the DGX Dashboard on your DGX Spark device. By the end of this walkthrough, you will be able to launch JupyterLab instances with pre-configured Python environments, monitor GPU performance, manage system updates, and run a sample AI workload using Stable Diffusion. You'll understand multiple access methods including desktop shortcuts, NVIDIA Sync, and manual SSH tunneling.
You will learn how to access and use the DGX Dashboard on your DGX Spark device. By the end of this walkthrough, you will be able to launch JupyterLab instances with pre-configured Python environments, monitor GPU performance, manage system updates, and run a sample AI workload using Stable Diffusion. You'll understand multiple access methods including desktop shortcuts, NVIDIA Sync, manual SSH tunneling, and Tailscale.
## What to know before starting
@ -98,6 +98,10 @@ Replace `<ASSIGNED_PORT>` with the port number from the YAML file.
Open your web browser and navigate to `http://localhost:11000`.
**Option D: Tailscale (alternative to manual SSH tunnels)**
For secure remote access over your private network without manual SSH tunneling, check out the [Tailscale playbook](../tailscale/README.md#step-12-access-dgx-dashboard-over-tailnet) for instructions on accessing the DGX Dashboard over the tailnet using Tailscale Serve.
## Step 2. Log into DGX Dashboard

74
nvidia/nemoclaw/README.md
View File

@ -25,7 +25,7 @@
- [Step 6. Talk to the agent (CLI)](#step-6-talk-to-the-agent-cli)
- [Step 7. Interactive TUI](#step-7-interactive-tui)
- [Step 8. Exit the sandbox and access the Web UI](#step-8-exit-the-sandbox-and-access-the-web-ui)
- [Step 9. Prepare credentials](#step-9-prepare-credentials)
- [Step 9. Create a Telegram bot](#step-9-create-a-telegram-bot)
- [Step 10. Configure and start the Telegram bridge](#step-10-configure-and-start-the-telegram-bridge)
- [Step 11. Stop services](#step-11-stop-services)
- [Step 12. Uninstall NemoClaw](#step-12-uninstall-nemoclaw)
@ -192,14 +192,6 @@ Install Ollama:
curl -fsSL https://ollama.com/install.sh | sh
```
Verify it is running:
```bash
curl http://localhost:11434
```
Expected: `Ollama is running`. If not, start it: `ollama serve &`
Configure Ollama to listen on all interfaces so the sandbox container can reach it:
```bash
@ -209,6 +201,17 @@ sudo systemctl daemon-reload
sudo systemctl restart ollama
```
Verify it is running and reachable on all interfaces:
```bash
curl http://0.0.0.0:11434
```
Expected: `Ollama is running`. If not, start it with `sudo systemctl start ollama`.
> [!IMPORTANT]
> Always start Ollama via systemd (`sudo systemctl restart ollama`) — do not use `ollama serve &`. A manually started Ollama process does not pick up the `OLLAMA_HOST=0.0.0.0` setting above, and the NemoClaw sandbox will not be able to reach the inference server.
### Step 3. Pull the Nemotron 3 Super model
Download Nemotron 3 Super 120B (~87 GB; may take 15--30 minutes depending on network speed):
@ -237,10 +240,10 @@ You should see `nemotron-3-super:120b` in the output.
### Step 4. Install NemoClaw
This single command handles everything: installs Node.js (if needed), installs OpenShell, clones NemoClaw at the pinned stable release (`v0.0.1`), builds the CLI, and runs the onboard wizard to create a sandbox.
This single command handles everything: installs Node.js (if needed), installs OpenShell, clones the latest stable NemoClaw release, builds the CLI, and runs the onboard wizard to create a sandbox.
```bash
curl -fsSL https://www.nvidia.com/nemoclaw.sh | NEMOCLAW_INSTALL_TAG=v0.0.4 bash
curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash
```
The onboard wizard walks you through setup:
@ -358,60 +361,53 @@ http://127.0.0.1:18789/#token=<long-token-here>
## Phase 3: Telegram Bot
### Step 9. Prepare credentials
> [!NOTE]
> If you already configured Telegram during the NemoClaw onboarding wizard (step 5/8), you can skip this phase. These steps cover adding Telegram after the initial setup.
You need two items:
### Step 9. Create a Telegram bot
| Item | Where to get it |
|------|----------------|
| Telegram bot token | Open Telegram, find [@BotFather](https://t.me/BotFather), send `/newbot`, and follow the prompts. Copy the token it gives you. |
| NVIDIA API key | Go to [build.nvidia.com/settings/api-keys](https://build.nvidia.com/settings/api-keys) and create or copy a key (starts with `nvapi-`). |
Open Telegram, find [@BotFather](https://t.me/BotFather), send `/newbot`, and follow the prompts. Copy the bot token it gives you.
### Step 10. Configure and start the Telegram bridge
Make sure you are on the **host** (not inside the sandbox). If you are inside the sandbox, run `exit` first.
Set the required environment variables. Replace the placeholders with your actual values. `SANDBOX_NAME` must match the sandbox name you chose during the onboard wizard:
```bash
export TELEGRAM_BOT_TOKEN=<your-bot-token>
export SANDBOX_NAME=my-assistant
```
Add the Telegram network policy to the sandbox:
Add the Telegram network policy to the sandbox so it can reach the Telegram API:
```bash
nemoclaw my-assistant policy-add
```
When prompted, type `telegram` and hit **Y** to confirm.
When prompted, select `telegram` and hit **Y** to confirm.
Start the Telegram bridge. On first run it will ask for your NVIDIA API key:
Set the bot token and start auxiliary services:
```bash
export TELEGRAM_BOT_TOKEN=<your-bot-token>
nemoclaw start
```
Paste your `nvapi-` key when prompted.
The Telegram bridge starts only when the `TELEGRAM_BOT_TOKEN` environment variable is set. Verify the services are running:
You should see:
```text
[services] telegram-bridge started
Telegram: bridge running
```bash
nemoclaw status
```
Open Telegram, find your bot, and send it a message. The bot forwards it to the agent and replies.
> [!NOTE]
> The first response may include a debug log line like "gateway Running as non-root..." -- this is cosmetic and can be ignored.
> The first response may take 30--90 seconds for a 120B parameter model running locally.
> [!NOTE]
> If you need to restart the bridge, `nemoclaw stop` may not cleanly stop the process. If that happens, find and kill the bridge process via its PID file:
> If the bridge does not appear in `nemoclaw status`, make sure `TELEGRAM_BOT_TOKEN` is exported in the same shell session where you run `nemoclaw start`. You can also try stopping and restarting:
> ```bash
> kill -9 "$(cat /tmp/nemoclaw-services-${SANDBOX_NAME}/telegram-bridge.pid)"
> nemoclaw stop
> export TELEGRAM_BOT_TOKEN=<your-bot-token>
> nemoclaw start
> ```
> Then run `nemoclaw start` again.
> [!NOTE]
> For details on restricting which Telegram chats can interact with the agent, see the [NemoClaw Telegram bridge documentation](https://docs.nvidia.com/nemoclaw/latest/deployment/set-up-telegram-bridge.html).
---
@ -419,7 +415,7 @@ Open Telegram, find your bot, and send it a message. The bot forwards it to the
### Step 11. Stop services
Stop any running auxiliary services (Telegram bridge, cloudflared):
Stop any running auxiliary services (Telegram bridge, cloudflared tunnel):
```bash
nemoclaw stop
@ -474,7 +470,7 @@ The uninstaller runs 6 steps:
| `nemoclaw my-assistant status` | Show sandbox status and inference config |
| `nemoclaw my-assistant logs --follow` | Stream sandbox logs in real time |
| `nemoclaw list` | List all registered sandboxes |
| `nemoclaw start` | Start auxiliary services (Telegram bridge) |
| `nemoclaw start` | Start auxiliary services (Telegram bridge, cloudflared) |
| `nemoclaw stop` | Stop auxiliary services |
| `openshell term` | Open the monitoring TUI on the host |
| `openshell forward list` | List active port forwards |

94
nvidia/tailscale/README.md
View File

@ -18,8 +18,10 @@
- [Step 9. Configure SSH authentication](#step-9-configure-ssh-authentication)
- [Step 10. Test SSH connection](#step-10-test-ssh-connection)
- [Step 11. Validate installation](#step-11-validate-installation)
- [Step 13. Cleanup and rollback](#step-13-cleanup-and-rollback)
- [Step 14. Next steps](#step-14-next-steps)
- [Step 12. Access DGX Dashboard over Tailnet](#step-12-access-dgx-dashboard-over-tailnet)
- [Step 13. Next steps](#step-13-next-steps)
- [Step 14. Cleanup and rollback](#step-14-cleanup-and-rollback)
- [Troubleshooting](#troubleshooting)
---
@ -316,14 +318,89 @@ Expected output:
- Successful file transfers
- Remote command execution working
### Step 13. Cleanup and rollback
### Step 12. Access DGX Dashboard over Tailnet
The DGX Dashboard is locked to localhost:11000 for security. This means you can only access it over localhost thorugh the ssh tunnel. Instead of manually creating an SSH tunnel every time, use Tailscale Serve to proxy the traffic so you can access it via your Tailscale IP/URL from any device.
## On your DGX Spark machine, run:
```bash
## Proxy incoming Tailnet traffic to the local dashboard
## The --bg flag ensures this keeps running after you close your terminal
sudo tailscale serve --bg --http=11000 localhost:11000
```
## Verify proxy is active:
```bash
tailscale serve status
```
You can access the dashboard using the Tailscale IP address:
`http://<TAILSCALE_IP>:11000`
You can find your Tailscale IP by running `tailscale ip -4` on the DGX Spark device.
Alternatively, if you set up tailsale with Magic DNS, you can use your tailscale URL with:
`http://SPARK_HOST_NAME.XXXXX-YYYYYY.ts.net:11000`
Where XXXXX an YYYYYY are part of the custom domain name to your tailnet.
You can now bookmark this URL and access it anywhere on your tailnet.
**Option: Enable HTTPS (recommended for security)**
For secure HTTPS access with SSL certificates, enable MagicDNS and HTTPS Certificates in your Tailscale Admin Console:
1. Go to your Tailscale Admin Console
2. Under DNS, ensure MagicDNS is enabled
3. Scroll down to HTTPS Certificates and click Enable
Then, on your DGX Spark machine, reset the HTTP proxy and start the HTTPS proxy:
```bash
# First, reset the old HTTP proxy
sudo tailscale serve --http=11000 off
# Now, start the HTTPS proxy
sudo tailscale serve --bg --https=11000 localhost:11000
```
Access the dashboard securely via: `https://SPARK_HOST_NAME.XXXXX-YYYYYY.ts.net:11000`
> **Note:** It may take a little longer on first load to set the SSL certificate. This is normal.
### Step 13. Next steps
Your Tailscale setup is complete. You can now:
- Access your DGX Spark device from any network with: `ssh <USERNAME>@<SPARK_HOSTNAME>`
- Transfer files securely: `scp file.txt <USERNAME>@<SPARK_HOSTNAME>:~/`
- Open the DGX Dashboard and start JupyterLab, then connect with:
`ssh -L 8888:localhost:1102 <USERNAME>@<SPARK_HOSTNAME>`
> **Note:** Alternatively, see Step 12 for accessing the DGX Dashboard over Tailnet without manual SSH tunneling.
### Step 14. Cleanup and rollback
Remove Tailscale completely if needed. This will disconnect devices from the
tailnet and remove all network configurations.
**Option A: Remove only DGX Dashboard access**
If you want to keep Tailscale installed but stop serving the DGX Dashboard:
```bash
## Remove DGX Dashboard access from tailnet (from Step 12)
sudo tailscale serve --http=11000 off
sudo tailscale serve --https=11000 off
```
> [!WARNING]
> This will permanently remove the device from your Tailscale network and require re-authentication to rejoin.
**Option B: Full Tailscale removal**
```bash
## Stop Tailscale service
sudo tailscale down
@ -337,19 +414,12 @@ sudo rm /usr/share/keyrings/tailscale-archive-keyring.gpg
## Update package list
sudo apt update
```
To restore: Re-run installation steps 3-5.
### Step 14. Next steps
Your Tailscale setup is complete. You can now:
- Access your DGX Spark device from any network with: `ssh <USERNAME>@<SPARK_HOSTNAME>`
- Transfer files securely: `scp file.txt <USERNAME>@<SPARK_HOSTNAME>:~/`
- Open the DGX Dashboard and start JupyterLab, then connect with:
`ssh -L 8888:localhost:1102 <USERNAME>@<SPARK_HOSTNAME>`
## Troubleshooting
| Symptom | Cause | Fix |