3 files changed, 20 insertions, 6 deletions

diff --git a/nova/compute/api.py b/nova/compute/api.py
index 0b82d0ed5..13d663194 100644
--- a/nova/compute/api.py
+++ b/nova/compute/api.py
@@ -136,6 +136,7 @@ class API(base.Base):
         self.network_api = network_api or network.API()
         self.volume_api = volume_api or volume.API()
         self.security_group_api = security_group_api or SecurityGroupAPI()
+        self.sgh = importutils.import_object(FLAGS.security_group_handler)
         self.consoleauth_rpcapi = consoleauth_rpcapi.ConsoleAuthAPI()
         self.scheduler_rpcapi = scheduler_rpcapi.SchedulerAPI()
         self.compute_rpcapi = compute_rpcapi.ComputeAPI()
@@ -2232,7 +2233,9 @@ class SecurityGroupAPI(base.Base):
 
         :param context: the security context
         """
-        self.db.security_group_ensure_default(context)
+        existed, group = self.db.security_group_ensure_default(context)
+        if not existed:
+            self.sgh.trigger_security_group_create_refresh(context, group)
 
     def create(self, context, name, description):
         try:
diff --git a/nova/db/api.py b/nova/db/api.py
index de393287a..cb651793e 100644
--- a/nova/db/api.py
+++ b/nova/db/api.py
@@ -1288,7 +1288,12 @@ def security_group_create(context, values):
 
 
 def security_group_ensure_default(context):
-    """Ensure default security group exists for a project_id."""
+    """Ensure default security group exists for a project_id.
+
+    Returns a tuple with the first element being a bool indicating
+    if the default security group previously existed. Second
+    element is the dict used to create the default security group.
+    """
     return IMPL.security_group_ensure_default(context)
 
 
diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py
index 533298bee..ad013b877 100644
--- a/nova/db/sqlalchemy/api.py
+++ b/nova/db/sqlalchemy/api.py
@@ -1423,8 +1423,8 @@ def instance_create(context, values):
 
     def _get_sec_group_models(session, security_groups):
         models = []
-        default_group = security_group_ensure_default(context,
-                session=session)
+        _existed, default_group = security_group_ensure_default(context,
+            session=session)
         if 'default' in security_groups:
             models.append(default_group)
             # Generate a new list, so we don't modify the original
@@ -3527,11 +3527,17 @@ def security_group_create(context, values, session=None):
 
 
 def security_group_ensure_default(context, session=None):
-    """Ensure default security group exists for a project_id."""
+    """Ensure default security group exists for a project_id.
+
+    Returns a tuple with the first element being a bool indicating
+    if the default security group previously existed. Second
+    element is the dict used to create the default security group.
+    """
     try:
         default_group = security_group_get_by_name(context,
                 context.project_id, 'default',
                 columns_to_join=[], session=session)
+        return (True, default_group)
     except exception.NotFound:
         values = {'name': 'default',
                   'description': 'default',
@@ -3539,7 +3545,7 @@ def security_group_ensure_default(context, session=None):
                   'project_id': context.project_id}
         default_group = security_group_create(context, values,
                 session=session)
-    return default_group
+        return (False, default_group)
 
 
 @require_context