Observability Azure

Glances on Ubuntu 24.04 on Azure User Guide

| Product: Glances on Ubuntu 24.04 LTS on Azure

Overview

This image runs Glances 4.5.5, an open source cross platform system monitor, on Ubuntu 24.04 LTS. Glances gives you a live, at a glance view of a server: CPU, memory, load, running processes, network throughput, disk input and output and filesystem usage, all on a single real time web dashboard and through a matching REST API that scripts and other tools can query.

The cloudimg image is secure by default. Glances runs as a dedicated non root service, bound only to the loopback interface, behind an nginx reverse proxy on port 80. The dashboard and the REST API are protected by HTTP Basic authentication with a unique password generated on first boot for each instance and written to a root only file. No credential is baked into the image, and no two deployments share one.

What is included:

  • Glances 4.5.5 installed into a pinned, self contained Python virtual environment at /opt/glances/venv
  • A dedicated non root glances service (glances-web.service) bound to 127.0.0.1:61208
  • nginx on port 80 reverse proxying the dashboard and REST API, with an unauthenticated /healthz endpoint for Azure Load Balancer probes
  • A one shot glances-firstboot.service that generates a per instance password on first boot and writes it to /root/glances-info.txt (mode 0600)
  • HTTP Basic authentication protecting both the web dashboard and the /api/4/ REST API
  • A fully patched Ubuntu 24.04 LTS base with unattended security upgrades enabled
  • 24/7 cloudimg support

Glances is published by the Glances project (nicolargo) under the LGPL 3.0 licence. This image is packaged by cloudimg and is not affiliated with or endorsed by the Glances project.

Prerequisites

An active Azure subscription, an SSH key pair, and a VNet plus subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is ample for monitoring a single host. NSG inbound: allow 22/tcp from your management network and 80/tcp for the web dashboard. Glances serves plain HTTP on port 80; for production or shared access, terminate TLS in front of it with your own domain using a reverse proxy or Azure Application Gateway.

Step 1 - Deploy from the Azure Marketplace

Sign in to the Azure Portal, choose Create a resource, search the Marketplace for Glances by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Then Review + create then Create.

Step 2 - Deploy from the Azure CLI

az vm create \
  --resource-group <your-rg> \
  --name glances \
  --image <marketplace-image-urn> \
  --size Standard_B2s \
  --admin-username azureuser \
  --ssh-key-values ~/.ssh/id_ed25519.pub \
  --vnet-name <your-vnet> --subnet <your-subnet> \
  --public-ip-sku Standard

az vm open-port --resource-group <your-rg> --name glances --port 80 --priority 1010

Step 3 - Connect to your VM

ssh azureuser@<vm-public-ip>

Step 4 - Confirm the services are running

Glances runs as glances-web.service on the loopback interface, fronted by nginx on port 80. A one shot glances-firstboot.service runs once on first boot to generate the per instance password. Confirm all three units are active, and that nginx is listening on port 80 while Glances stays private on 127.0.0.1:61208:

sudo systemctl is-active nginx glances-web glances-firstboot
sudo ss -tlnp | grep -E ':80 |:61208 '

Expected output:

active
active
active
LISTEN 0 2048 127.0.0.1:61208 0.0.0.0:* users:(("glances",pid=29912,fd=6))
LISTEN 0 511  0.0.0.0:80      0.0.0.0:* users:(("nginx",...))
LISTEN 0 511  [::]:80         [::]:*    users:(("nginx",...))

Glances listens only on 127.0.0.1, so it is never reachable directly from the network; every request goes through nginx on port 80.

nginx and glances-web both active, with nginx listening on port 80 and Glances bound to loopback 61208

Step 5 - Retrieve your per instance credentials

The dashboard is protected by HTTP Basic authentication. The username is glances and the password is generated uniquely for this instance on first boot and stored in a root only file. Read it with:

sudo cat /root/glances-info.txt

You will see the access URL, the username and the per instance password:

glances_url=http://<vm-ip>/
glances_username=glances
glances_password=<your-unique-password>

The per instance Glances access note recording the URL, the username and the generated password

Keep this password safe. It is unique to this VM; no default password ships in the image.

Step 6 - Confirm the dashboard is secure by default

The /healthz endpoint used by load balancer probes is intentionally open and returns 200. The dashboard and the REST API, however, require the credentials, so an unauthenticated request to the API returns 401:

curl -s -o /dev/null -w '%{http_code}\n' http://127.0.0.1/healthz
curl -s -o /dev/null -w '%{http_code}\n' http://127.0.0.1/api/4/cpu

Expected output:

200
401

Supplying the per instance credentials returns live CPU statistics as JSON. Replace <glances-password> with the password from /root/glances-info.txt:

curl -s -u glances:<glances-password> http://127.0.0.1/api/4/cpu

Expected output (an authenticated request returns the live CPU plugin):

{"total": 0.9, "user": 0.6, "system": 0.3, "idle": 99.0, "iowait": 0.1, "cpucore": 2, ...}

An unauthenticated API request returning 401, then an authenticated request returning the live CPU JSON

Step 7 - Confirm the version and query a live metric

Confirm the pinned Glances version, the health endpoint, and pull a live memory metric from the REST API:

/opt/glances/venv/bin/glances --version
curl -s -o /dev/null -w 'healthz HTTP %{http_code}\n' http://127.0.0.1/healthz

Expected output:

Glances version:    4.5.5
healthz HTTP 200

From your workstation you can query the same authenticated API over the network using the VM's public IP:

curl -s -u glances:<glances-password> http://<vm-ip>/api/4/mem
curl -s -u glances:<glances-password> http://<vm-ip>/api/4/all

The /api/4/ REST API exposes every metric the dashboard shows (cpu, mem, load, network, diskio, fs, processlist and more), which makes it easy to feed Glances data into your own scripts, dashboards or alerting.

The Glances version, the healthz probe returning 200, and a live memory metric from the REST API

Step 8 - Open the web dashboard

In a browser, open http://<vm-public-ip>/ and sign in as glances with the per instance password. The dashboard shows the host, uptime and processor at the top, live CPU, memory, load, swap, network, disk input and output and filesystem panels, and a sortable list of running processes that refreshes in real time.

The Glances web dashboard on Ubuntu 24.04 showing live CPU, memory, load, network and disk metrics with the process list

The process list sorts automatically by CPU consumption, so the busiest processes rise to the top. When a workload starts, the CPU and load gauges climb and the responsible process appears at the head of the list.

The Glances process monitor listing running processes sorted by CPU usage, with the CPU gauge elevated under load

The network and disk panels show live throughput. Read and write rates for each block device and receive and transmit rates for each interface update continuously alongside filesystem usage.

The Glances dashboard showing live network throughput and disk input and output rates alongside filesystem usage

Everything on the dashboard is also available programmatically. Browsing the authenticated REST API returns the full set of live metrics as JSON, ready to consume from your own tools.

The Glances REST API rendering live system metrics as JSON in the browser, protected by the per instance credentials

Enabling HTTPS for production

Glances serves plain HTTP on port 80 behind nginx. For production or shared access, put your own TLS certificate in front of it. Point a DNS record at the VM's public IP, then terminate TLS with Azure Application Gateway or extend the nginx configuration in /etc/nginx/sites-available/cloudimg-glances with a certbot issued certificate for your domain. Restrict port 80 to your Application Gateway or management network in the NSG once TLS is in place.

Support

Every cloudimg image includes 24/7 support, 365 days a year, by email and live chat with a 24 hour response SLA. Contact support@cloudimg.co.uk with the product name and your Azure region and we will help.