Saturday, June 25, 2016

cut command examples in linux ?

Linux command cut is used for text processing. You can use this command to extract portion of text from a file by selecting columns.

$ cat test.txt
cat command for file oriented operations.
cp command for copy files or directories.
ls command to list out files and directories with its attributes.

 Select Column of Characters

To extract only a desired column from a file use -c option. The following example displays 2nd character from each line of a file test.txt

$ cut -c2 test.txt
a
p
s
As seen above, the characters a, p, s are the second character from each line of the test.txt file.

 Select Column of Characters using Range

Range of characters can also be extracted from a file by specifying start and end position delimited with -. The following example extracts first 3 characters of each line from a file called test.txt

$ cut -c1-3 test.txt
cat
cp
ls
 Select Column of Characters using either Start or End Position

Either start position or end position can be passed to cut command with -c option.
The following specifies only the start position before the ‘-‘. This example extracts from 3rd character to end of each line from test.txt file.

$ cut -c3- test.txt
t command for file oriented operations.
 command for copy files or directories.
 command to list out files and directories with its attributes.
The following specifies only the end position after the ‘-‘. This example extracts 8 characters from the beginning of each line from test.txt file.

$ cut -c-8 test.txt
cat comm
cp comma
ls comma
The entire line would get printed when you don’t specify a number before or after the ‘-‘ as shown below.

$ cut -c- test.txt
cat command for file oriented operations.
cp command for copy files or directories.
ls command to list out files and directories with its attributes.

Select a Specific Field from a File

Instead of selecting x number of characters, if you like to extract a whole field, you can combine option -f and -d. The option -f specifies which field you want to extract, and the option -d specifies what is the field delimiter that is used in the input file.

The following example displays only first field of each lines from /etc/passwd file using the field delimiter : (colon). In this case, the 1st field is the username. The file

$ cut -d':' -f1 /etc/passwd
root
daemon
bin
sys
sync
games
rajesh


Select Multiple Fields from a File

You can also extract more than one fields from a file or stdout. Below example displays username and home directory of users who has the login shell as “/bin/bash”.

$ grep "/bin/bash" /etc/passwd | cut -d':' -f1,6
root:/root
rajesh:/home/rajesh
To display the range of fields specify start field and end field as shown below. In this example, we are selecting field 1 through 4, 6 and 7

$ grep "/bin/bash" /etc/passwd | cut -d':' -f1-4,6,7
root:x:0:0:/root:/bin/bash
rajesh:x:1000:1000:/home/rajesh:/bin/bash

Select Fields Only When a Line Contains the Delimiter

In our /etc/passwd example, if you pass a different delimiter other than : (colon), cut will just display the whole line.

In the following example, we’ve specified the delimiter as | (pipe), and cut command simply displays the whole line, even when it doesn’t find any line that has | (pipe) as delimiter.

$ grep "/bin/bash" /etc/passwd | cut -d'|'  -f1
root:x:0:0:root:/root:/bin/bash
rajesh:x:1000:1000:rajesh,,,:/home/rajesh:/bin/bash
But, it is possible to filter and display only the lines that contains the specified delimiter using -s option.

The following example doesn’t display any output, as the cut command didn’t find any lines that has | (pipe) as delimiter in the /etc/passwd file.

$ grep "/bin/bash" /etc/passwd | cut -d'|' -s -f1

Select All Fields Except the Specified Fields

In order to complement the selection field list use option –complement.

The following example displays all the fields from /etc/passwd file except field 7

$ grep "/bin/bash" /etc/passwd | cut -d':' --complement -s -f7
root:x:0:0:root:/root
rajesh:x:1000:1000:rajesh,,,:/home/rajesh

Change Output Delimiter for Display

By default the output delimiter is same as input delimiter that we specify in the cut -d option.

To change the output delimiter use the option –output-delimiter as shown below. In this example, the input delimiter is : (colon), but the output delimiter is # (hash).

$ grep "/bin/bash" /etc/passwd | cut -d':'  -s -f1,6,7 --output-delimiter='#'
root#/root#/bin/bash
rajesh#/home/rajesh#/bin/bash

Change Output Delimiter to Newline

In this example, each and every field of the cut command output is displayed in a separate line. We still used –output-delimiter, but the value is $’\n’ which indicates that we should add a newline as the output delimiter.

$ grep rajesh /etc/passwd | cut -d':' -f1,6,7 --output-delimiter=$'\n'

/home/rajesh

/bin/bash

Thursday, June 23, 2016

linux interview questions and answers for experienced ?

Q. What are the differences between a regular file and a directory.
A. A directory is marked with a different file type in its i-node entry and it is a file with a special organization. Specifically, it is a table consisting of file names and i-node numbers.

Q. Where are the file names stored on a file system?
A. The actual file names are stored in the directory file.

Q. What is an i-node?
A. An i-node (short for index node) is a pointer to a data structure that contains the following information describing a file on the filesystem:
* File type (e.g., regular file, directory, symbolic link, character device).
* Owner (also referred to as the user ID or UID) for the file.
* Group (also referred to as the group ID or GID) for the file.
* Access permissions for three categories of user: owner (sometimes referred to as user), group, and other (the rest of the world). Section 15.4 provides further details.
* Three timestamps: time of last access to the file (shown by ls –lu), time of last modification of the file (the default time shown by ls –l), and time of last status change (last change to i-node information, shown by ls –lc). As on other UNIX implementations, it is notable that most Linux file systems don’t record the creation time of a file.
* Number of hard links to the file.
* Size of the file in bytes.
* Number of blocks actually allocated to the file, measured in units of 512-byte blocks. There may not be a simple correspondence between this number and the size of the file in bytes, since a file can contain holes, and thus require fewer allocated blocks than would be expected according to its nominal size in bytes.
* Pointers to the data blocks of the file.
I-nodes are identified numerically by their sequential location in the i-node table.
The i-node doesn't contain a file name; it is only the mapping within a directory list that defines the name of a file.
I-node 1 is used to record bad blocks in the file system. The root directory (/) of a file system is always stored in i-node entry 2.
I-node numbers are unique only within a file system.

Q. What are hard and soft links?
A. The mapping within a directory list that defines the name of a file and it's i-node number is called a link, or a hard link. One can create multiple names — in the same or in different directories — each of which refers to the same i-node.
Hard links have two limitations, both of which can be circumvented by the use of symbolic links:
* Because directory entries (hard links) refer to files using just an i-node number, and i-node numbers are unique only within a file system, a hard link must reside on the same file system as the file to which it refers.
* A hard link can’t be made to a directory. This prevents the creation of circular links, which would confuse many system programs.
A symbolic link is just a file containing the name of another file; Symbolic link refers to a file name, rather than an i-node number, it can be used to link to a file in a different file system.

Q. What is a Signal in Linux, and what signal is invoked when you use the kill command? What is the difference between kill and kill -9?
A. A signal is a limited form of inter-process communication used in Unix, Unix-like, and other POSIX-compliant operating systems. It is an asynchronous notification sent to a process or to a specific thread within the same process in order to notify it of an event that occurred. When a signal is sent, the operating system interrupts the target process's normal flow of execution.
The difference between invoking kill with no signal specified (which uses SIGTERM, number 15) and kill -9 is that the latter tries to kill the process without consideration to open files and resources in use.

Q. Describe what happens when you run the rm command.
A. The rm command removes a filename from a directory list, decrements the link count of the corresponding i-node by 1, and, if the link count thereby falls to 0, deallocates the i-node and the data blocks to which it refers.

Q. What is a process?
A. A process is an instance of an executing program. When a program is executed, the kernel loads the code of the program into virtual memory, allocates space for program variables, and sets up kernel bookkeeping data structures to record various information (such as process ID, termination status, user IDs, and group IDs) about the process. From a kernel point of view, processes are the entities among which the kernel must share the various resources of the computer.

Q. What are the logically divided parts of a process?
A. A process is logically divided into the following parts, known as segments:
* Text: the read-only machine-language instructions of the program run by the process.
* Data: initialized/uninitialized global and static variables used by the program;
* Heap: an area from which memory (for variables) can be dynamically allocated at run time. The top end of the heap is called the program break;
* Stack: a piece of memory that grows and shrinks as functions are called and return and that is used to allocate storage for local variables and function call linkage information;

Q. What are the process states in Linux?
A. Running: Process is either running or ready to run
* Interruptible: a Blocked state of a process and waiting for an event or signal from another process
* Uninterpretable: a blocked state. Process waits for a hardware condition and cannot handle any signal
* Stopped: Process is stopped or halted and can be restarted by some other process
* Zombie: process terminated, but information is still there in the process table.

Q. How are threads different from processes?
A. Like processes, threads are a mechanism that permits an application to perform multiple tasks concurrently. A single process can contain multiple threads. All threads are independently executing the same program, and they all share the same global memory, including the initialized data, uninitialized data, and heap segments.
Sharing information between threads is easy and fast. It is just a matter of copying data into shared (global or heap) variables. However, in order to avoid the problems that can occur when multiple threads try to update the same information, we must employ some synchronization techniques.
Thread creation is faster than process creation—typically, ten times faster or better. On Linux, threads are implemented using the clone() system call.

Q. What is a Socket?
A. A Socket is a form of Interprocess Communication and Synchronization that can be used to transfer data from one process to another, either on the same host computer or on different hosts connected by a network; Network sockets are identified by source IP address source port and destination IP address and port.

Q. How do you debug a running process or a library that is being called?
A. strace -p PID
ltrace libraryfile

Q. How to see a memory map of a process, along with how much memory a process uses?
A. pmap -x PID

Q. You run chmod -x /bin/chmod, how do you make chmod executable again without copying it or restoring from backup?
A. On Linux, when you execute an ELF executable, the kernel does some mapping and then hands the rest of process setup off to ld.so(1), which is treated somewhat like a (hardware backed) interpreter for ELF files, much like /bin/sh interprets shell scripts, perl interprets perl scripts, etc. And just like you can invoke a shell script without the executable bit via ’/bin/sh your_script’, you can do:
/lib64/ld-linux-x86-64.so.2 /bin/chmod +x /bin/chmod

Q. Explain the TIME_WAIT state in a TCP connection, as displayed by netstat or ss.
A. A TCP connection is specified by the tuple (source IP, source port, destination IP, destination port). The reason why there is a TIME_WAIT state following session shutdown is because there may still be live packets out in the network on its way to you. If you were to re-create that same tuple and one of those packets show up, it would be treated as a valid packet for your connection (and probably cause an error due to sequencing).  So the TIME_WAIT time is generally set to double the packets maximum age. This value is the maximum age your packets will be allowed to get to before the network discards them. That guarantees that, before your allowed to create a connection with the same tuple, all the packets belonging to previous incarnations of that tuple will be dead. That generally dictates the minimum value you should use. The maximum packet age is dictated by network properties, an example being satellite lifetimes are higher than LAN lifetimes since the packets have much further to go.

Q. What is Huge Pages in Linux and what use is there for them?
A. Hugepages is a mechanism that allows the Linux kernel to utilize the multiple page size capabilities of modern hardware architectures. Linux uses pages as the basic unit of memory, where physical memory is partitioned and accessed using the basic page unit. The default page size is 4096 Bytes in the x86 architecture. Hugepages allows large amounts of memory to be utilized with a reduced overhead.
To check: cat /proc/sys/vm/nr_hugepages.
To set: echo 5 > /proc/sys/vm/nr_hugepages

Q. What is a Master boot Record and how do you back it up and restore it?
A. The MBR  is a 512 byte segment on the very first sector of your hard drive composed of three parts: 1) the boot code which is 446 bytes long, 2) the partiton table which is 64 bytes long, and 3) the boot code signature which is 2 bytes long.
To backup: dd if=/dev/sda of=/tmp/mbr.img_backup bs=512 count=1
To restore: dd if=/tmp/mbr.img of=/dev/sda bs=512 count=1

Q. You are using iSCSI or a virtual machine with attached block device. Due to high IO or network latencies the FS goes in read only mode from time to time. What can you do to increase the write time out on the block device?
A. To increase the write time out on a block device in real time use the sys fs:
echo 60 > /sys/block/sdk/device/timeout

Q. Your server is using a lot of cached memory. How do you free it up short of rebooting?
A. Kernels 2.6.16 and newer provide a mechanism to have the kernel drop the page cache and/or inode and dentry caches on command, which can help free up a lot of memory.
To free page cache, dentries and inodes: echo 3 > /proc/sys/vm/drop_caches


Q. How do you pin a process to a specific CPU?
A. CPU affinity is a scheduler property that "bonds" a process to a given set of CPUs on the system. The Linux scheduler will honor the given CPU affinity and the process will not run on any other CPUs. The scheduler attempts to keep processes on the same CPU as long as practical for  performance  reasons. To pin a new process to the first CPU run:
taskset -c 0 top
To pin an existing process to the second CPU run:
taskset -c 1 -p $(pgrep top)

Q. How do you track new concurrent connections?
A. Concurrent connections are the number of authenticated "handshakes" between a client and/or server during any given time before all communications have been disconnected whether by force or by refusal. You can run:
modprobe ip_conntrack
conntrack -E -e NEW

Q. What is SYN flood and how can you detect it and mitigate it?
A. A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic. Detection can be done by by netstat or ss and filtering for SYN-RECV connection states. Mitigation can be done by null-routing the offending IP and enabling SYN cookies in the kernel, which allow the server to sends back the appropriate SYN+ACK response to the client but discards the SYN queue entry.
ss -a | grep SYN-RECV | awk '{print $4}' | awk -F":" '{print $1}' | sort | uniq -c | sort -n netstat -antp | grep SYN_RECV|awk '{print $4}'|sort|uniq -c | sort -n

Q. You have a file with 2000 IP's. How do you ping them all using bash in parallel?
A.  echo $(cat iplistfile) | xargs -n 1 -P0 ping -w 1 -c 1

Q. What is Memory Overcommit in Linux?
A. By default, Linux will allow processes to allocate more virtual memory than the system actually has, assuming that they won't end up actually using it. When there's more overcommited memory than the available physical and swap memory the OOM-killer picks some process to kill in order to recover memory. One reason Linux manages memory this way by default is to optimize memory usage on fork()'ed processes; fork() creates a full copy of the process space, but in this instance, with overcommitted memory, only pages which have been written to actually need to be allocated by the kernel.

Q. What is system load averag as displayed by uptime?
A. Load Average is the sum of the number of processes waiting in the run-queue plus the number currently executing.If there are four CPUs on a machine and the reported one-minute load average is 4.00, the machine has been utilizing its processors perfectly for the last 60 seconds.

Q. How do you list all kernel modules that are compiled in or enabled?
A. You can execute:
cat /boot/config-$(uname -r)

Q. Kernel space Vs. User space - pros and cons.
A. The role of the operating system, in practice, is to provide programs with a consistent view of the computer's hardware. In addition, the operating system must account for independent operation of programs and protection against unauthorized access to resources. This nontrivial task is possible only if the CPU enforces protection of system software from the applications.
Every modern processor is able to enforce this behavior. The chosen approach is to implement different operating modalities (or levels) in the CPU itself. The levels have different roles, and some operations are disallowed at the lower levels; program code can switch from one level to another only through a limited number of gates. Unix systems are designed to take advantage of this hardware feature, using two such levels. All current processors have at least two protection levels, and some, like the x86 family, have more levels; when several levels exist, the highest and lowest levels are used. Under Unix, the kernel executes in the highest level (also called supervisor mode), where everything is allowed, whereas applications execute in the lowest level (the so-called user mode), where the processor regulates direct access to hardware and unauthorized access to memory.
We usually refer to the execution modes as kernel space and user space. These terms encompass not only the different privilege levels inherent in the two modes, but also the fact that each mode can have its own memory mapping—its own address space—as well.
Unix transfers execution from user space to kernel space whenever an application issues a system call or is suspended by a hardware interrupt. Kernel code executing a system call is working in the context of a process—it operates on behalf of the calling process and is able to access data in the process's address space. Code that handles interrupts, on the other hand, is asynchronous with respect to processes and is not related to any particular process.

Q. What is the difference between Active and Passive FTP sessions:
A.
Active FTP :
command channel : client port above1023 connects to server port 21
data channel: client port above 1023 is connected from server port 20

Passive FTP :
command channel: client port above 1023 connects to server port 21
data channel: client port above 1023 connects to server port above 1023


Thursday, June 2, 2016

how to use systemctl command in RHEL7 and Centos 7 ?

systemctl command with all possible options rhel7 and centos7

systemctl is a command available in new version of Linux. Systemctl is used to control the systemd and service manager. To control services we have to use lot many options along with systemctl command. It is changed dramatically in new version of Linux. In this article we are going to explore as many possible ways as to use systemctl command in Linux.

Let’s start with checking the service status.

 Service Status Check and show service units
below is the command used to verify the service status
[root@Linuxforfreshers ~]# systemctl status network.service
network.service - LSB: Bring up/down networking
   Loaded: loaded (/etc/rc.d/init.d/network)
   Active: active (exited) since Thu 2016-04-28 13:39:38 IST; 32min ago
  Process: 5239 ExecReload=/etc/rc.d/init.d/network reload (code=killed, signal=TERM)
  Process: 5313 ExecStart=/etc/rc.d/init.d/network start (code=exited, status=0/SUCCESS)
[root@linuxforfreshers ~]# systemctl show crond.service
Id=crond.service
Names=crond.service
Requires=basic.target
Wants=system.slice
Conflicts=shutdown.target
Before=shutdown.target

Verify service is active and enabled

If service is active it means service is running without any issues.  As a example we verify web service is running OR not.
[root@Linuxforfreshers ~]# systemctl is-active httpd.service
active
Enabling service means we are ensuring that service should start when server is rebooted. In older versions chkconfig command.
[root@linuxforfreshers ~]# systemctl enable crond.service
[root@linuxforfreshers ~]# systemctl is-enabled crond.service
enabled
Start and restart service using systemctl
As simple as starting the services and restarting the services is very easy, Here we have little more than that in New version.
[root@linuxforfreshers ~]# systemctl start crond.service
[root@linuxforfreshers ~]# systemctl restart crond.service
as we say it is more than start and restart we have systemctl try-restart now your thinking about what is the difference between restart and try-restart..?
option restart will restart the service if it is in stopped state also.
option try-restart Restart one or more units specified on the command line if the units are running. This does nothing if units are not running. Note that, for compatibility with Red Hat init scripts, condrestart is equivalent to this command.
[root@linuxforfreshers ~]# systemctl try-restart crond.service

 Listing dependencies, jobs, sockets, unit-files and Units
Listing dependencies means what are the services we have to start before starting this required service this before version this feature was not there.
Shows required and wanted units of the specified unit. If no unit is specified, default.target is implied. Target units are recursively expanded. When –all is passed, all other units are recursively expanded as well
[root@linuxforfreshers ~]# systemctl list-dependencies crond.service
crond.service
system.slice
└─basic.target
alsa-restore.service
alsa-state.service
firewalld.service
microcode.service
rhel-autorelabel-mark.service
rhel-autorelabel.service
rhel-configure.service
rhel-dmesg.service
rhel-loadmodules.service
paths.target
slices.target
list-jobs will show what are jobs running currently in background
[root@linuxforfreshers ~]# systemctl list-jobs
No jobs running.
Listing installed unit files
[root@linuxforfreshers ~]# systemctl list-unit-files |grep sshd
anaconda-sshd.service static
sshd-keygen.service static
sshd.service enabled
sshd@.service static
sshd.socket disabled
List all available sockets
[root@linuxforfreshers ~]# systemctl list-sockets
LISTEN UNIT ACTIVATES
/dev/initctl systemd-initctl.socket systemd-initctl.service
/dev/log systemd-journald.socket systemd-journald.service
/run/dmeventd-client dm-event.socket dm-event.service
/run/dmeventd-linuxforfreshers dm-event.socket dm-event.service
/run/lvm/lvmetad.socket lvm2-lvmetad.socket lvm2-lvmetad.service
/run/systemd/journal/socket systemd-journald.socket systemd-journald.service
/run/systemd/journal/stdout systemd-journald.socket systemd-journald.service
/run/systemd/shutdownd systemd-shutdownd.socket systemd-shutdownd.service
/run/udev/control systemd-udevd-control.socket systemd-udevd.service
/var/run/avahi-daemon/socket avahi-daemon.socket avahi-daemon.service
/var/run/cups/cups.sock cups.socket cups.service
/var/run/dbus/system_bus_socket dbus.socket dbus.service
/var/run/rpcbind.sock rpcbind.socket rpcbind.service
@ISCSIADM_ABSTRACT_NAMESPACE iscsid.socket iscsid.service
@ISCSID_UIP_ABSTRACT_NAMESPACE iscsiuio.socket iscsiuio.service
kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service
16 sockets listed.
Pass --all to see loaded but inactive sockets, too.
Note: because the addresses might contains spaces, this output is not suitable for programmatic consumption.
[root@linuxforfreshers ~]# systemctl list-sockets --show-types
LISTEN TYPE UNIT ACTIVATES
/dev/initctl FIFO systemd-initctl.socket systemd-initctl.service
/dev/log Datagram systemd-journald.socket systemd-journald.service
/run/dmeventd-client FIFO dm-event.socket dm-event.service
/run/dmeventd-linuxforfreshers FIFO dm-event.socket dm-event.service
/run/lvm/lvmetad.socket Stream lvm2-lvmetad.socket lvm2-lvmetad.service
/run/systemd/journal/socket Datagram systemd-journald.socket systemd-journald.service
/run/systemd/journal/stdout Stream systemd-journald.socket systemd-journald.service
/run/systemd/shutdownd Datagram systemd-shutdownd.socket systemd-shutdownd.service
/run/udev/control SequentialPacket systemd-udevd-control.socket systemd-udevd.service
/var/run/avahi-daemon/socket Stream avahi-daemon.socket avahi-daemon.service
/var/run/cups/cups.sock Stream cups.socket cups.service
/var/run/dbus/system_bus_socket Stream dbus.socket dbus.service
/var/run/rpcbind.sock Stream rpcbind.socket rpcbind.service
@ISCSIADM_ABSTRACT_NAMESPACE Stream iscsid.socket iscsid.service
@ISCSID_UIP_ABSTRACT_NAMESPACE Stream iscsiuio.socket iscsiuio.service
kobject-uevent 1 Netlink systemd-udevd-kernel.socket systemd-udevd.service
16 sockets listed.
Pass --all to see loaded but inactive sockets, too.
[root@linuxforfreshers ~]# systemctl list-sockets --failed
0 sockets listed.
Pass --all to see loaded but inactive sockets, too.

Setting up default target (Older version Run Level) and getting default target
We have to use set-default to set default run level and we can see default run level using get-default option as shown below example
[root@linuxforfreshers ~]# systemctl set-default multi-user.target
rm '/etc/systemd/system/default.target'
ln -s '/usr/lib/systemd/system/multi-user.target' '/etc/systemd/system/default.target'
[root@linuxforfreshers ~]# systemctl get-default
multi-user.target

Masking service ans unmasking service
What is mean by masking service, there is situation that company will have multiple administrators working together still there are times one administrator will stop the service which is not required but another administrator will start the same service unfortunately Or unknowingly , will lead to lot of problems to avoid this types of situations. We have to disable, stop the service and mask it, when other administrator try to start also the service will never start until unless explicitly unmask.
[root@linuxforfreshers ~]# systemctl disable crond.service
rm '/etc/systemd/system/multi-user.target.wants/crond.service'
[root@linuxforfreshers ~]# systemctl stop crond.service
[root@linuxforfreshers ~]# systemctl mask crond.service
ln -s '/dev/null' '/etc/systemd/system/crond.service'
[root@linuxforfreshers ~]# systemctl status crond.service
crond.service
Loaded: masked (/dev/null)
 Active: inactive (dead)
As shown in above command examples we have stopped the service, disabled the service and masked the service. Now try to start the service.
[root@linuxforfreshers ~]# systemctl start crond.service
Failed to issue method call: Unit crond.service is masked.
now unmask the service and start it will start
[root@linuxforfreshers ~]# systemctl unmask crond.service
rm '/etc/systemd/system/crond.service'
[root@linuxforfreshers ~]# systemctl start crond.service
[root@linuxforfreshers ~]# systemctl status crond.service
crond.service - Command Scheduler
Loaded: loaded (/usr/lib/systemd/system/crond.service; disabled)
Active: active (running) since Thu 2016-04-28 22:45:12 IST; 9s ago
Main PID: 7521 (crond)
CGroup: /system.slice/crond.service
└─7521 /usr/sbin/crond -n

Reload and reset service status
Most of the administrator will still have an question that what is the difference between service reload and restart.
Service reload is used whenever we changed something to the service and we would like to push the changes to the service without interrupting the connected users. Reloading the service will never change existing PID (Process Identity)
Service restart is used to restart the service which means stop and start the service, whenever we run restart existing users will disconnect and new PID will be created. It required little downtime to the service changes.
Before reloading the service status
[root@linuxforfreshers ~]# systemctl status sshd.service
sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
Active: active (running) since Thu 2016-04-28 05:56:52 IST; 16h ago
Process: 7228 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Main PID: 1601 (sshd)
CGroup: /system.slice/sshd.service
└─1601 /usr/sbin/sshd -D

After reloading the service

[root@linuxforfreshers ~]# systemctl reload sshd.service
[root@linuxforfreshers ~]# systemctl status sshd.service
sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
Active: active (running) since Thu 2016-04-28 05:56:52 IST; 16h ago
Process: 7243 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Main PID: 1601 (sshd)
CGroup: /system.slice/sshd.service
└─1601 /usr/sbin/sshd -D
if observe correctly PID before and after reload not changed.
Reset the “failed” state of the specified units

[root@linuxforfreshers ~]# systemctl reset-failed sshd.service

 Daemon reload option
After deleting the file or directory, you should reload the systemd process so that it no longer attempts to reference these files and reverts back to using the system copies. You can do this by typing:
[root@linuxforfreshers ~]# systemctl daemon-reload

Isolating Targets using systemctl command
It is possible to start all of the units associated with a target and stop all units that are not part of the dependency tree. The command that we need to do this is called, appropriately, isolate. This is similar to changing the runlevel in other init systems.

For instance, if you are operating in a graphical environment with graphical.target active, you can shut down the graphical system and put the system into a multi-user command line state by isolating the multi-user.target. Since graphical.target depends on multi-user.target but not the other way around, all of the graphical units will be stopped.

You may wish to take a look at the dependencies of the target you are isolating before performing this procedure to ensure that you are not stopping vital services:

systemctl list-dependencies multi-user.target

When you are satisfied with the units that will be kept alive, you can isolate the target by typing:
systemctl isolate multi-user.target

Create service snapshot and delete
Create a snapshot. If a snapshot name is specified, the new snapshot will be named after it. If none is specified, an automatic snapshot name is generated. In either case, the snapshot name used is printed to STDOUT, unless –quiet is specified.

A snapshot refers to a saved state of the systemd manager. It is implemented itself as a unit that is generated dynamically with this command and has dependencies on all units active at the time. At a later time, the user may return to this state by using the isolate command on the snapshot unit.
Snapshots are only useful for saving and restoring which units are running or are stopped, they do not save/restore any other state. Snapshots are dynamic and lost on reboot.

[root@linuxforfreshers ~]# systemctl snapshot sshd.service
sshd.service.snapshot
[root@linuxforfreshers ~]# systemctl status sshd.service.snapshot
sshd.service.snapshot
Loaded: loaded
Active: inactive (dead)
[root@linuxforfreshers ~]# systemctl delete sshd.service.snapshot
[root@linuxforfreshers ~]# systemctl status sshd.service.snapshot
sshd.service.snapshot
Loaded: not-found (Reason: No such file or directory)

Active: inactive (dead)