diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py
index 5313f2fb4..dfe6b1331 100644
--- a/nova/db/sqlalchemy/api.py
+++ b/nova/db/sqlalchemy/api.py
@@ -1596,6 +1596,13 @@ def instance_create(context, values):
     context - request context object
     values - dict containing column values.
     """
+
+    # NOTE(rpodolyaka): create the default security group, if it doesn't exist.
+    # This must be done in a separate transaction, so that this one is not
+    # aborted in case a concurrent one succeeds first and the unique constraint
+    # for security group names is violated by a concurrent INSERT
+    security_group_ensure_default(context)
+
     values = values.copy()
     values['metadata'] = _metadata_refs(
             values.get('metadata'), models.InstanceMetadata)
@@ -3859,7 +3866,13 @@ def security_group_update(context, security_group_id, values,
 def security_group_ensure_default(context):
     """Ensure default security group exists for a project_id."""
 
-    return _security_group_ensure_default(context)
+    try:
+        return _security_group_ensure_default(context)
+    except exception.SecurityGroupExists:
+        # NOTE(rpodolyaka): a concurrent transaction has succeeded first,
+        # suppress the error and proceed
+        return security_group_get_by_name(context, context.project_id,
+                                          'default')
 
 
 def _security_group_ensure_default(context, session=None):