Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Develop On-Device JET Applications

Overview

JET applications written in C, C++, and Python languages can run on-device. You can develop the applications in the downloaded JET VM and then deploy these applications on the device running Junos OS. You can sign on-device JET applications to show that they can be trusted.

Note:

The Python 2.7 end-of-life and end-of-support date is January 1, 2020. The official upgrade path for Python 2.7 is to Python 3. As support for Python 3 is added to devices running Junos OS for the different types of on-device scripts, we recommend that you migrate supported script types from Python 2 to Python 3.

Starting in Junos OS Release 21.1R1, Python 2.7 is no longer supported and the set system scripts language python statement is deprecated. Use the set system scripts language python3 statement instead. Junos OS Evolved Release 21.1R1 still supports Python 2.7.

Figure 1 shows the application development workflow for unsigned and signed on-device JET applications.

Figure 1: On-Device JET Application WorkflowOn-Device JET Application Workflow

Develop Unsigned JET Applications

Unsigned JET applications can only be written in Python.

To develop an unsigned JET application:

  1. (Optional) Download and set up the JET VM. See Set Up the JET VM.

  2. Develop your application in Python.

  3. Package your application. See Package JET Applications.

  4. Configure the language statement on the Junos OS device. For example, to use Python 3 to run a JET script that supports Python 3:

    See Understanding Python Automation Scripts for Devices Running Junos OS for more information.

  5. Run the application on a device running on Junos OS.

Develop Signed JET Applications

You can develop signed applications in C, C++, or Python.

To develop a signed application:

  1. Download the packages you need and set up the JET VM. See Set Up the JET VM.

  2. Request a signing certificate. See Request a Signing Certificate.

  3. Develop the application.

  4. Configure the license if your application is written in C or C++. This step is optional for applications written in Python. See Configuring the JET Application and its License on a Device Running Junos OS for details.

  5. Build the package and sign the package using the acquired certificate.

  6. Deploy the application on a device running Junos OS.

Request a Signing Certificate

To develop and distribute JET applications, you must install a package signing certificate on the JET VM by executing the certificate request script. This script assists you in creating a signing key and a certificate request for use with JET.

CAUTION:

Never share the signing key with anyone, including Juniper Networks. The key enables anyone to sign applications that your router will trust. Therefore, treat the key with the same level of security as the root password for the routers. Once you obtain your signing key, save it in a file outside of the VM.

The certificate request script asks for the following information:

  • City, state, and country.

  • Your organization and unit. The organization should not be vague. There cannot be any hyphens ("-").

  • Certificate type: Specify whether the certificate is commercial or private. Non-Juniper entities must use commercial. Private certificates are only assigned when the organization is Juniper.

  • Provider prefix: This is the unique provider name assigned by Juniper to each JET partner.

  • User string: This is an additional specification of your choosing. It could be a string specifying the development team or project name. The user string can consist of a lowercase letter followed by one or more lowercase letters or numbers (for example, teamjet2).

  • Deployment scope: The deployment scope is the string assigned by Juniper to differentiate multiple certificates for the same JET partner. This defines the validity period for the generated certificate. The scope can be commercial or evaluation. If none is assigned to you, leave it empty.

  • Index number: This number is known as a certificate generations number. It will be 1 for your initial certificate. When a certificate expires and when you request a new one, this number will be incremented.

  • Email address: The email address for the certificate contact will be embedded into the certificate. We recommend using the email address of a department or unit in your organization. We recommend that you do not use a personal email address.

To create a signed application, request certificates and copy them as explained in the following procedure. This procedure is optional if you want to create an unsigned application.

To manually request a certificate:

  1. Create the /usr/local/junos-jet/certs directory if it does not already exist on your device.

  2. In a VM terminal, run the jet-certificate-request command.

  3. The script leads you through a series of questions. Answer the questions and press Enter after each answer. See the requirements for each answer listed above.

  4. Based on your answers, the script generates two files in the /usr/local/junos-jet/certs directory: certname_key.pem and certname_req.pem. The certname is the name of the certificate.

    The certificate name must follow the format ORGANIZATION-USER-TYPE-NUMBER. All four parameters are mandatory or else you will see the following error:

  5. Save the certname_key.pem file outside the VM. This is your signing key. Ensure that no one outside of your development organization has access to it. Never share the signing key with anyone, including Juniper Networks.

    The key enables anyone to sign applications that your router will trust. Therefore, treat the key with the same level of security as the root password for the routers.

  6. Send the certname_req.pem file to JET Certificate Processing at mailto:jet-cert@juniper.net. This file contains your certificate request. The requestor should be authorized to request signing certificates on behalf of their organization. JET Certificate Processing will immediately send your certificate to you.

  7. When you receive your certificate, save it as certname and copy it to the /usr/local/junos-jet/certs directory.

  8. Verify the certificate and the signing key are available in the /usr/local/junos-jet/certs directory.

Compile 64-Bit Applications

JET supports 64-bit applications for Junos OS with FreeBSD and Junos OS with upgraded FreeBSD. When you are ready to package your application, use the following commands to compile 64-bit applications for use with the AMD64 or ARM64 64-bit processor architecture.

To compile the application for use with AMD64 and Junos OS with FreeBSD:

  1. Check you have the GCC toolchain, which should be included in the JET package.

  2. Use the command mk-amd64 application name to build the application package.

To compile the application for use with AMD64 and Junos OS with upgraded FreeBSD:

  1. Check you have the Clang toolchain, which should be included in the JET package.

  2. Use the command mk-amd64,bsdx application name to build the application package.

To compile the application for use with ARM64 and Junos OS with upgraded FreeBSD:

  1. Check you have the Clang toolchain, which should be included in the JET package.

  2. Use the command mk-arm64,bsdx application name to build the application package.

Example: Develop a Signed C Package

After you have set up the JET VM and acquired a signing certification, you are ready to create the development sandbox in the VM and start developing your signed, on-device application. Use this example to create C applications echoclient and echoserver.

  1. Check out the sandbox. A sandbox is a build tree with a little environment file called .sandbox-env at the top that is used by a wrapper script mk to ensure the build environment is properly conditioned.
    Note:

    The echo client is a demo application. In the bin/ directory, all the necessary configuration and build related files are available within the sandbox along with source file for the echo client.

  2. Build an echo client package.
    Note:

    Starting in Junos OS Release 20.2R1, if you will be running your JET application on a ACX710 device, you can use the Clang toolchain for ARM-based compilation of JET applications written in C, Python, or Ruby. Use the command mk-arm,bsdx instead of mk-i386,bsdx to use the Clang toolchain to compile your application.

  3. Copy the echo client package onto the device running on Junos OS.
  4. Enter configuration mode on the Junos OS device.
  5. Install the echo client package.

    Confirm it was installed successfully.

  6. Check out the echo server sandbox.
  7. Build the echo server package.
  8. Copy the echo server package to the Junos VM.
  9. Add the echo server package to the Junos OS device.
  10. Check that the packages were added successfully.
  11. Configure the echo server's provider's ID, license type, and deployment scope on the Junos OS device. Use the same provider license that you used to package it.
  12. Configure the echo server on the Junos OS device.

  13. Configure the echo client's provider's ID, license type, and deployment scope on the Junos OS device. Use the same provider license that you used to package it.
  14. Configure the echo client application on the Junos OS device.
  15. Run the echo client application.

Example: Develop a Signed Python Package Without C Dependencies

After you have set up the JET VM and acquired a signing certification, you are ready to create the development sandbox in the VM and start developing your signed, on-device application. Use this example to develop a signed Python package without C dependencies.

  1. In the VM, go to the /home/vagrant directory.
  2. Create a sandbox by using the mksb command, where SamplePyApp is the name of the sandbox. A sandbox is a build tree with a little environment file called .sandbox-env at the top that is used by a wrapper script mk to ensure the build environment is properly conditioned.
  3. Create subdirectories in the sandbox.

    First, use the workon command to go into your sandbox. The workon command takes you directly to the $SB/src directory and sets the sandbox correctly.

    Alternatively, you can cd to the src directory of your sandbox.

    Next, create subdirectories for application code in $SB/src/python, $SB/src/lib, or $SB/src/bin, based on whether you need Python, library, or bin (executable) files.

  4. Develop the code.

    If you are writing your application using Python 3, include the PASS keyword in the Exception block of the script.

  5. Write an application JSON file to package the application.

    SeePackage JET Applications for more information.

  6. Add the path to jet-pkg-gen.py to your .bashrc file.
  7. Autogenerate the appropriate makefiles by running the jet-pkg-gen.py command. The jet-pkg-gen.py command takes two options:
    • The -i option is followed by the path and filename of the JSON file.

    • The -p option is followed by the path to the src directory of the sandbox.

    For example, if the sandbox name is SamplePyApp:

    Note:

    The autogenerated application makefile will be correct in most cases. If there are any external library dependencies, adjust the makefile accordingly.

  8. Build the entire package.

    First, return to the src directory ($SB/src). Next, run the mk-i386 SamplePyApp command, where SamplePyApp is the "app-name" from the JSON file in Step 5.

    Note:

    Starting in Junos OS Release 20.2R1, if you will be running your JET application on a ACX710 device, you can use the Clang toolchain for ARM-based compilation of JET applications written in C, Python, or Ruby. Use the command mk-arm,bsdx instead of mk-i386,bsdx to use the Clang toolchain to compile your application.

  9. Copy the package onto a device running Junos OS.

Now configure the Junos OS device and install the package.

  1. Enter configuration mode.

  2. Configure the application's provider's ID, license type, and deployment scope on the Junos OS device, if necessary. Use the same provider license that you used to package it.

    For more information, see Configuring the JET Application and its License on a Device Running Junos OS.

  3. Exit to operational mode and install the copied package on the Junos OS device.

    Note:

    This step will fail if providers is not configured.

  4. Verify the package was installed successfully.

  5. Enter configuration mode.

  6. Configure the command-line arguments through the Junos OS CLI. If a Python JET script is available in the /var/db/scripts/jet/ directory on a device running Junos OS, you can configure command-line arguments for the file and supply the arguments from the Junos CLI.

    Here are the arguments in the application.

    Configure the command-line arguments in the CLI. In this example, the script filename is cmdline_args.py.

  7. Commit the configuration and exit to operational mode.

  8. Run the application.

Example: Develop a Signed Python Package With C Dependencies

After you have set up the JET VM and acquired a signing certification, you are ready to create the development sandbox in the VM and start developing your signed, on-device application. Use this example to develop a signed Python package with C dependencies.

  1. Check out the sandbox.
  2. Create an application directory in the Python subdirectory.

  3. A bitarray is an example of a relatively simple Python module with a C dependency. Download and extract the bitarray from https://pypi.org/project/bitarray/ into the Python application directory.

    This is an example of a simple Python application that uses a bitarray module:

    If you are writing your application using Python 3, include the PASS keyword in the Exception block of the script.

  4. Create the JSON configuration file that references the external source files. See Package JET Applications for more information.
  5. Run the following command to create the necessary makefiles and the manifest file that locates the files on the Junos OS device when the package is installed.
  6. To locate the bitarray module on a Junos OS device, add the /PyAppC/ path for the __init__.py file and the bitarray/ directory path for the _bitarray.so file.
  7. Build and package the application.
    Note:

    Starting in Junos OS Release 20.2R1, if you will be running your JET application on a ACX710 device, you can use the Clang toolchain for ARM-based compilation of JET applications written in C, Python, or Ruby. Use the command mk-arm,bsdx instead of mk-i386,bsdx to use the Clang toolchain to compile your application.

  8. Copy the built package onto the device running Junos OS.
  9. Configure the application's provider's ID, license type, and deployment scope on the Junos OS device, if necessary. Use the same provider license that you used to package it.
  10. Install the package on the device running Junos OS.

    Once the package is installed successfully, the dependent Python module and the C shared library are installed on the device in the standard Python module path as specified in the manifest file.

  11. Add the application in configuration mode.
  12. Run the application
Release History Table
Release
Description
20.2R1
Starting in Junos OS Release 20.2R1, if you will be running your JET application on a ACX710 device, you can use the Clang toolchain for ARM-based compilation of JET applications written in C, Python, or Ruby.