Publish InfluxDB Enterprise 1.9.3 docs (#2867)

* Start work on Enterprise 1.9.3 release notes

* continue Ent 1.9.3 release notes

* Edit 1.9.3 release notes

* add flux release notes link

* Document `total-buffer-bytes` configuration setting (#2830)

Co-authored-by: Scott Anderson <sanderson@users.noreply.github.com>

* Add link to `total-buffer-bytes`

* Fix weights in Enterprise menu (#2849)

* Document password hashing configuration (#2826)

* Document password hashing configuration
* Add instructions for changing algorithm

Closes #2825
Co-authored-by: kelseiv <47797004+kelseiv@users.noreply.github.com>

* Cleanup release notes. (#2866)

Closes #2824

* add link to password hashing

* fix shard duration bugfix

* Update content/enterprise_influxdb/v1.9/administration/configure-password-hashing.md

* Update content/enterprise_influxdb/v1.9/about-the-project/release-notes-changelog.md

* Update content/enterprise_influxdb/v1.9/about-the-project/release-notes-changelog.md

Co-authored-by: pierwill <pierwill@users.noreply.github.com>
Co-authored-by: Scott Anderson <sanderson@users.noreply.github.com>
Co-authored-by: kelseiv <47797004+kelseiv@users.noreply.github.com>

content/enterprise_influxdb/v1.9/about-the-project/release-notes-changelog.md

@@ -9,6 +9,27 @@ menu:
     parent: About the project
 ---
 
+## v1.9.3 [2021-07-19]
+
+### Features
+- Add [configurable password hashing](/enterprise_influxdb/v1.9/administration/configure-password-hashing/) with `bcrypt` and `pbkdf2` support.
+- Add retry with exponential back-off to anti-entropy repair.
+- Add logging to compaction.
+- Add [`total-buffer-bytes`](/enterprise_influxdb/v1.9/administration/config-data-nodes/#total-buffer-bytes--0) configuration parameter to subscriptions.
+  This option is intended to help alleviate out-of-memory errors.
+- Update to [Flux v0.120.1.](/influxdb/v2.0/reference/release-notes/flux/#v01201-2021-07-06)
+
+### Bug fixes
+- Improve heap memory usage when HH queue grows.
+- Avoid rewriting `fields.idx` unnecessarily.
+- Do not close connection twice in `DigestWithOptions`.
+- Do not panic on cleaning up failed iterators.
+- Rename ARM RPMs with `yum`-compatible names.
+- Convert ARM arch names for RPMs during builds via Docker.
+- Do not send non-UTF-8 characters to subscriptions.
+- Error instead of panic for statement rewrite failure.
+- Fix `SHOW SHARDS` showing expiration time for shard groups with no expiration.
+
 ## v1.9.2 [2021-06-17]
 
 The release of InfluxDB Enterprise 1.9 is different from previous InfluxDB Enterprise releases

content/enterprise_influxdb/v1.9/administration/authentication_and_authorization.md

@@ -5,7 +5,7 @@ description: >
 menu:
   enterprise_influxdb_1_9:
     name: Manage authentication and authorization
-    weight: 20
+    weight: 30
     parent: Administration
 ---
 

content/enterprise_influxdb/v1.9/administration/config-data-nodes.md

@@ -181,6 +181,17 @@ Whether log messages are printed for the meta service.
 
 Environment variable: `INFLUXDB_META_LOGGING_ENABLED`
 
+#### `password-hash = bcrypt`
+
+Configures password hashing algorithm.
+Supported options are: `bcrypt` (the default), `pbkdf2-sha256`, and `pbkdf2-sha512`
+This setting must have the same value as the meta node option [`meta.password-hash`](/enterprise_influxdb/v1.9/administration/config-meta-nodes/#password-hash--bcrypt).
+
+#### `ensure-fips = false`
+
+When `true`, enables a FIPS-readiness check on startup.
+Default is `false`.
+
 -----
 
 ## Data settings
@@ -987,6 +998,15 @@ The number of in-flight writes buffered in the write channel.
 
 Environment variable: `INFLUXDB_SUBSCRIBER_WRITE_BUFFER_SIZE`
 
+#### `total-buffer-bytes = 0`
+
+Total number of bytes allocated to buffering across all subscriptions.
+Each named subscription receives an equal share of the total.
+`0` means unlimited.
+Default is `0`.
+
+Environment variable: `INFLUXDB_SUBSCRIBER_TOTAL_BUFFER_BYTES`
+
 -----
 
 ## Graphite settings

content/enterprise_influxdb/v1.9/administration/config-meta-nodes.md

@@ -5,7 +5,7 @@ description: >
 menu:
   enterprise_influxdb_1_9:
     name: Configure meta nodes
-    weight: 30
+    weight: 21
     parent: Administration
 ---
 
@@ -264,6 +264,17 @@ To use this option, set [`auth-enabled`](#auth-enabled-false) to `true`.
 
 Environment variable: `INFLUXDB_META_INTERNAL_SHARED_SECRET`
 
+#### `password-hash = bcrypt`
+
+Configures password hashing algorithm.
+Supported options are: `bcrypt` (the default), `pbkdf2-sha256`, and `pbkdf2-sha512`
+This setting must have the same value as the data node option [`meta.password-hash`](/enterprise_influxdb/v1.9/administration/config-data-nodes/#password-hash--bcrypt).
+
+#### `ensure-fips = false`
+
+When `true`, enables a FIPS-readiness check on startup.
+Default `ensure-fips` is `false`.
+
 ### TLS settings
 
 For more information, see [TLS settings for data nodes](/enterprise_influxdb/v1.9/administration/config-data-nodes#tls-settings).

content/enterprise_influxdb/v1.9/administration/configure-password-hashing.md

@@ -0,0 +1,67 @@
+---
+title: Configure password hashing
+description: >
+  Configure the cryptographic algorithm used for password hashing.
+menu:
+  enterprise_influxdb_1_9:
+    name: Configure password hashing
+    weight: 80
+    parent: Administration
+related:
+    - /enterprise_influxdb/v1.9/administration/configuration/
+---
+
+
+By default, InfluxDB Enterprise uses `bcrypt` for password hashing.
+[FIPS] compliance requires particular hashing alorithms.
+Use `pbkdf2-sha256` or `pbkdf2-sha512` for FIPS compliance.
+
+## Change password hashing algorithm
+
+Complete the following steps
+to change the password hashing algorithm used by an existing InfluxDB Enterprise cluster:
+
+1. Ensure all meta and data nodes are running InfluxDB Enterprise 1.9.3 or later.
+2. In your meta node and data node configuration files, set [`password-hash`] to one of the following:
+   `pbkdf2-sha256`, or `pbkdf2-sha512`.
+   Also set [`ensure-fips`] to `true`.
+
+   {{% note %}}
+The `meta.password-hash` setting must be the same in both the data and meta node configuration files.
+   {{% /note %}}
+3. Restart each meta and data node to load the configuration change.
+4. To apply the new hashing algorithm, you must [reset](/enterprise_influxdb/v1.9/administration/authentication_and_authorization/#reset-a-users-password)
+   all existing passwords in the cluster.
+   Otherwise, the previous algorithm will continue to be used.
+
+## Example configuration
+
+**Example data node configuration:**
+
+```toml
+[meta]
+  # Configures password hashing scheme. Use "pbkdf2-sha256" or "pbkdf2-sha512"
+  # for a FIPS-ready password hash. This setting must have the same value as
+  # the meta nodes' meta.password-hash configuration.
+  password-hash = "pbkdf2-sha256"
+
+  # Configures strict FIPS-readiness check on startup.
+  ensure-fips = true
+```
+
+**Example meta node configuration:**
+
+```toml
+[meta]
+  # Configures password hashing scheme. Use "pbkdf2-sha256" or "pbkdf2-sha512"
+  # for a FIPS-ready password hash. This setting must have the same value as
+  # the data nodes' meta.password-hash configuration.
+  password-hash = "pbkdf2-sha256"
+
+  # Configures strict FIPS-readiness check on startup.
+  ensure-fips = true
+```
+
+[FIPS]: https://csrc.nist.gov/publications/detail/fips/140/3/final
+[`password-hash`]: /enterprise_influxdb/v1.9/administration/config-meta-nodes/#password-hash--bcrypt
+[`ensure-fips`]: /enterprise_influxdb/v1.9/administration/config-meta-nodes/#ensure-fips--false