feat(deploy+bench+ops): DGX vm scripts, Windows RDP launcher, bench cases, agent_chat enable script
Some checks failed
tests / Lint (ruff + black) (push) Failing after 1m50s
tests / Tests unitaires (sans GPU) (push) Failing after 1m53s
tests / Tests sécurité (critique) (push) Has been skipped

This commit is contained in:
Dom
2026-07-02 13:32:36 +02:00
parent 6907ecc82f
commit bd1c9d2c8a
11 changed files with 479 additions and 0 deletions

View File

@@ -0,0 +1,44 @@
@echo off
chcp 65001 >nul
title Connexion VM Lea (via DGX)
REM ============================================================
REM Connexion Bureau a distance a la VM Windows (Lea) du DGX.
REM Ouvre un tunnel SSH, lance le RDP (presse-papier actif),
REM puis referme le tunnel quand la session RDP est fermee.
REM ============================================================
REM --- Parametres (ajuste si besoin) ---
set "DGX_USER=aivanov"
set "DGX_HOST=192.168.1.45"
REM En deplacement (WireGuard, plus tard) : mettre DGX_HOST=10.10.0.1
set "LOCAL_PORT=13389"
set "RDP_FILE=%~dp0VM-Lea.rdp"
echo.
echo [1/3] Ouverture du tunnel SSH vers %DGX_USER%@%DGX_HOST% ...
echo (si un mot de passe est demande, saisis-le dans la fenetre "Tunnel")
start "Tunnel-DGX-VMLea" ssh -o StrictHostKeyChecking=accept-new -o ExitOnForwardFailure=yes -N -L %LOCAL_PORT%:127.0.0.1:3390 %DGX_USER%@%DGX_HOST%
echo [2/3] Attente de l'etablissement du tunnel (max ~30s)...
set /a tries=0
:wait
timeout /t 1 /nobreak >nul
powershell -NoProfile -Command "try{(New-Object Net.Sockets.TcpClient).Connect('127.0.0.1',%LOCAL_PORT%);exit 0}catch{exit 1}" >nul 2>&1
if not errorlevel 1 goto ready
set /a tries+=1
if %tries% lss 30 goto wait
echo ! Tunnel non etabli. Verifie l'acces SSH au DGX (mot de passe / reseau).
pause
goto cleanup
:ready
echo [3/3] Connexion Bureau a distance (localhost:%LOCAL_PORT%) ...
mstsc "%RDP_FILE%"
:cleanup
echo.
echo Fermeture du tunnel SSH...
taskkill /FI "WINDOWTITLE eq Tunnel-DGX-VMLea*" /T /F >nul 2>&1
echo Termine.
timeout /t 2 /nobreak >nul

View File

@@ -0,0 +1,35 @@
CONNEXION BUREAU A DISTANCE - VM Lea (DGX)
==========================================
CONTENU
- Connexion-VM-Lea.cmd : le lanceur (double-clic)
- VM-Lea.rdp : le profil de connexion RDP (presse-papier active)
INSTALLATION (sur ton laptop Windows)
1. Copie les DEUX fichiers dans le MEME dossier (ex: le Bureau).
2. (Optionnel) clic droit sur Connexion-VM-Lea.cmd > Envoyer vers > Bureau
(creer un raccourci), pour un acces rapide.
UTILISATION
- Double-clic sur "Connexion-VM-Lea.cmd".
- Une fenetre "Tunnel" s'ouvre : si un mot de passe SSH est demande,
saisis le mot de passe du compte aivanov du DGX.
- Le Bureau a distance s'ouvre ensuite : saisis ton identifiant + mot de
passe WINDOWS de la VM.
- Copier-coller (texte ET fichiers) fonctionne dans les deux sens.
- Ferme la fenetre RDP pour finir : le tunnel se referme automatiquement.
PRE-REQUIS
- Etre sur le reseau du labo (meme WiFi) pour joindre 192.168.1.45.
- OpenSSH client (inclus dans Windows 10/11).
- Le Bureau a distance doit etre active dans la VM (deja fait).
EN DEPLACEMENT (plus tard)
- Quand WireGuard sera en place, edite Connexion-VM-Lea.cmd et remplace
DGX_HOST=192.168.1.45 par DGX_HOST=10.10.0.1
- Tout le reste est identique. L'adresse RDP reste localhost:13389.
CONFORT (optionnel, recommande)
- Pour ne plus saisir le mot de passe SSH a chaque fois : on signe la cle
SSH de ton laptop avec la CA (acces par certificat). Demande-le moi et
envoie-moi la cle publique de ton laptop.

View File

@@ -0,0 +1,18 @@
full address:s:localhost:13389
prompt for credentials:i:1
redirectclipboard:i:1
redirectdrives:i:1
drivestoredirect:s:*
redirectprinters:i:0
redirectsmartcards:i:0
audiomode:i:2
authentication level:i:0
negotiate security layer:i:1
enablecredsspsupport:i:1
screen mode id:i:2
dynamic resolution:i:1
desktopwidth:i:1280
desktopheight:i:800
session bpp:i:32
compression:i:1
username:s:

View File

@@ -0,0 +1,32 @@
#!/usr/bin/env bash
# RDP vers la VM Windows (Lea) du DGX, depuis ce serveur Linux (.40).
# Ouvre un tunnel SSH (par certificat) puis lance xfreerdp.
# Presse-papier + dossier $HOME partage. Tunnel ferme a la sortie.
#
# Usage:
# ./connexion-vm-lea.sh # labo (DGX = 192.168.1.45)
# ./connexion-vm-lea.sh 10.10.0.1 # en deplacement (via WireGuard)
# ./connexion-vm-lea.sh 192.168.1.45 /u:MonUserWindows
set -euo pipefail
DGX_HOST="${1:-192.168.1.45}"
[ $# -gt 0 ] && shift || true
LOCAL_PORT=13389
CTL="$(mktemp -u /tmp/rdp-vmlea-ctl.XXXXXX)"
cleanup(){ ssh -S "$CTL" -O exit "aivanov@${DGX_HOST}" >/dev/null 2>&1 || true; }
trap cleanup EXIT INT TERM
echo "[1/3] Tunnel SSH (cert) vers aivanov@${DGX_HOST} ..."
ssh -o ExitOnForwardFailure=yes -fN -M -S "$CTL" -L "${LOCAL_PORT}:127.0.0.1:3390" "aivanov@${DGX_HOST}"
echo "[2/3] Attente du tunnel ..."
for _i in $(seq 1 40); do
ss -tlnp 2>/dev/null | grep -q "127.0.0.1:${LOCAL_PORT} " && break
sleep 0.25
done
echo "[3/3] Connexion RDP (localhost:${LOCAL_PORT}) — presse-papier + dossier $HOME ..."
xfreerdp /v:localhost:${LOCAL_PORT} /cert:ignore /clipboard /dynamic-resolution /drive:home,"$HOME" "$@" || true
echo "Session RDP terminee, fermeture du tunnel."

View File

@@ -0,0 +1,59 @@
# Unblock NoMachine on Windows 11 — run as Administrator
# Adds firewall rules for port 4000 (TCP+UDP) and verifies NoMachine service
Write-Host "=== Unblock NoMachine ===" -ForegroundColor Cyan
# 1. Add firewall inbound rules for NoMachine (port 4000 TCP + UDP)
$ruleName = "NoMachine Server (Port 4000)"
$existing = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if ($existing) {
Write-Host "Firewall rule '$ruleName' already exists — enabling it" -ForegroundColor Yellow
Enable-NetFirewallRule -DisplayName $ruleName
} else {
Write-Host "Creating firewall rule '$ruleName' for port 4000 TCP+UDP" -ForegroundColor Green
New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP -LocalPort 4000 -Action Allow -Profile Any -Enabled True -Description "Allow NoMachine remote desktop connections"
New-NetFirewallRule -DisplayName "$ruleName (UDP)" -Direction Inbound -Protocol UDP -LocalPort 4000 -Action Allow -Profile Any -Enabled True -Description "Allow NoMachine UDP discovery"
}
# 2. Check NoMachine service is running
$svc = Get-Service -Name "nxsrv" -ErrorAction SilentlyContinue
if (-not $svc) {
$svc = Get-Service -Name "NoMachine Server" -ErrorAction SilentlyContinue
if (-not $svc) {
$svc = Get-Service | Where-Object { $_.DisplayName -like "*NoMachine*" -and $_.DisplayName -like "*Server*" } | Select-Object -First 1
}
}
if ($svc) {
Write-Host "NoMachine service: $($svc.Name) — Status: $($svc.Status)" -ForegroundColor $(if ($svc.Status -eq 'Running') {'Green'} else {'Red'})
if ($svc.Status -ne 'Running') {
Write-Host "Starting NoMachine service..." -ForegroundColor Yellow
Start-Service -Name $svc.Name -ErrorAction SilentlyContinue
$svc = Get-Service -Name $svc.Name
Write-Host "After start: $($svc.Status)" -ForegroundColor $(if ($svc.Status -eq 'Running') {'Green'} else {'Red'})
}
} else {
Write-Host "WARNING: NoMachine server service not found!" -ForegroundColor Red
}
# 3. Verify port 4000 is listening
Write-Host ""
Write-Host "Checking port 4000..." -ForegroundColor Cyan
$port4000 = Get-NetTCPConnection -LocalPort 4000 -ErrorAction SilentlyContinue
if ($port4000) {
Write-Host "Port 4000 is LISTENING on $($port4000.LocalAddress):$($port4000.LocalPort) — State: $($port4000.State)" -ForegroundColor Green
} else {
Write-Host "WARNING: Port 4000 NOT listening — NoMachine server may not be active" -ForegroundColor Red
Write-Host "Try: restart NoMachine from the Start Menu or Services app" -ForegroundColor Yellow
}
# 4. Show this machine's IP for remote connection
$ip = (Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.InterfaceAlias -notlike '*Loopback*' -and $_.IPAddress -notlike '127.*' -and $_.IPAddress -match '192\.168' } | Select-Object -First 1).IPAddress
if ($ip) {
Write-Host ""
Write-Host "Laptop IP on LAN: $ip" -ForegroundColor Green
Write-Host "From workstation: connect NoMachine to $ip" -ForegroundColor Green
}
Write-Host ""
Write-Host "=== Done ===" -ForegroundColor Cyan