mail: use a lock to protect container recreation

needs a lock because the cert code also restart mail server from tasks

src/mailserver.js

@@ -35,6 +35,7 @@ const assert = require('assert'),
     hat = require('./hat.js'),
     infra = require('./infra_version.js'),
     Location = require('./location.js'),
+    locks = require('./locks.js'),
     mail = require('./mail.js'),
     os = require('os'),
     path = require('path'),
@@ -132,6 +133,7 @@ async function createMailConfig(mailFqdn) {
     return mailInDomains.length !== 0 /* allowInbound */;
 }
 
+// note: this needs a lock because of container deletion/creation being non-reentrant
 async function configureMail(mailFqdn, mailDomain, serviceConfig) {
     assert.strictEqual(typeof mailFqdn, 'string');
     assert.strictEqual(typeof mailDomain, 'string');
@@ -205,7 +207,10 @@ async function restart() {
     debug(`restart: restarting mail container with mailFqdn:${fqdn} mailDomain:${domain}`);
 
     // NOTE: the email container has to be re-created. this is because some of the settings like solr config rely on starting with a clean /run state
-    await configureMail(fqdn, domain, mailConfig);
+    await locks.wait(locks.TYPE_MAIL_SERVER_RESTART);
+    const [error] = await safe(configureMail(fqdn, domain, mailConfig));
+    await locks.release(locks.TYPE_MAIL_SERVER_RESTART);
+    if (error) throw error;
 }
 
 async function start(existingInfra) {