We'd heard about chef, and tried puppet; the uuber configuration management system which is great, so they say; on the 3rd or 4th incarnation :) We wanted something a bit simpler something that avoided the monolithic client/server model, could be run anywhere (with git) and which used the SSH key auth we were already using. It had to be able to manage groups of machines in a logical "idempotent" way. Idempotent means you can apply a play which says "make it like thus" and if nothing needs to change, nothing is changed. You can apply it again (and again) and not break anything.
So anyhow we found all of that in a free open source software project called Ansible;
"Orchestrate From Above.
Most software does not run on a single machine.
Ansible parallelizes complex multi-tier rollouts across app servers, databases, monitoring servers, and load balancers.."
after following the doco I had it up and running managing NTP on 25 servers within a day. A good percentage of that was spent sorting out root ssh access (although sudo is ok too) and finding out what NTP is actually packaged as on centos vs ubuntu vs debian etc.
We've now moved on to managing users and ssh keys with Ansible and i can see this making a very significant difference for us.