diff --git a/opennebula-images/centos-build-luks-opennebula-image.sh b/opennebula-images/centos-build-luks-opennebula-image.sh
index e438df8..fcd34c3 100755
--- a/opennebula-images/centos-build-luks-opennebula-image.sh
+++ b/opennebula-images/centos-build-luks-opennebula-image.sh
@@ -6,23 +6,21 @@
 #   qemu-img util-linux coreutils dnf curl e2fsprogs cryptsetup
 
 # Run locally (without network) with:
-#   qemu-system-x86_64 -enable-kvm -m 1G -drive file=$IMAGE,format=qcow2
+#   qemu-system-x86_64 -enable-kvm -m 1G -drive file=$IMAGE,format=raw
 
 set -e
 set -x
 
-# XXX: Handle command-line arguments?
 RELEASE=7
 ARCH=x86_64
-IMAGE_PATH=centos-$RELEASE-$(date --iso-8601).img
+IMAGE_PATH=centos-luks-$RELEASE-$(date --iso-8601).img
 IMAGE_SIZE=10G
 LOOPBACK_DEVICE=/dev/loop0
-LUKS_PASSPHRASE=secretsecretsecret
+LUKS_PASSPHRASE=secret
 LUKS_DEVICE_NAME=cryptroot
 LUKS_DEVICE="/dev/mapper/$LUKS_DEVICE_NAME"
 
-# TODO: find the package definition and built ourself, publish in some RPM repository.
-ONE_CONTEXT_RPM_URL="https://github.com/OpenNebula/addon-context-linux/releases/download/v5.10.0/one-context-5.10.0-1.el8.noarch.rpm"
+ONE_CONTEXT_RPM_URL="https://github.com/OpenNebula/addon-context-linux/releases/download/v5.10.0/one-context-5.10.0-1.el7.noarch.rpm"
 ONE_CONTEXT_RPM_PATH=/root/one-context.rpm
 
 cleanup() {
@@ -82,13 +80,18 @@ mount "${LUKS_DEVICE}" /mnt
 mkdir /mnt/boot
 mount "${LOOPBACK_DEVICE}p1" /mnt/boot
 
+# AppStream landed in CentOS 8.
+if [ $RELEASE >= 8 ]; then
+	enabled_repos="--enablerepo=BaseOS --enablerepo=AppStream --enablerepo=extras"
+else
+	enabled_repos="--enablerepo=Base --enablerepo=extras"
+fi
+
 dnf -y \
 	--releasever=$RELEASE \
 	--installroot=/mnt \
 	--disablerepo='*' \
-	--enablerepo=BaseOS \
-	--enablerepo=AppStream \
-	--enablerepo=extras \
+	$enabled_repos \
 	--setopt=install_weak_deps=False install \
 	bash basesystem systemd systemd-udev dnf centos-release
 
@@ -147,6 +150,8 @@ kernel_version=$(ls /mnt/boot | grep "vmlinuz.*.$ARCH" | cut -d- -f2-)
 run_root dracut --force --kver $kernel_version
 
 # Configure grub2.
+luks_uuid=$(blkid --match-tag UUID --output value "${LOOPBACK_DEVICE}p2")
+echo "GRUB_CMDLINE_LINUX='rd.luks.uuid=$luks_uuid'" >> /mnt/etc/default/grub
 run_root grub2-install --target=i386-pc "${LOOPBACK_DEVICE}"
 run_root grub2-mkconfig -o /boot/grub2/grub.cfg