Deploy & Configuration management strategies

I am investigating the best way to do deploy and configuration management of RHEL boxes, mostly virtual on VMware. I am looking into Satelite as a one stop solution (I hate using various tools that overlap functionality). I can deploy configuration files with Satelite. Is it possible to do post deployment actions after deploying the config file? For example, the ideal situation would be to push i.e. a sshd config file and, when it is different from the old config file, the sshd service is told to reload its config from the new file. I read from the Satellite reference guide about actions with the possibility to execute remote actions, but there seems no relation to configuration file deployment. Alternative with Satelite is to build a "server" rpm with all config files and write a post install to restart the services. This gives, for example, md5 checksums on config files from rpm tooling. When installing a new version of this rpm the configfiles get overwritten (if the rpm is set up to do so), and services are notified to reload/restart. Another alternative is to build a standard server golden image and clone these in VMware. Then use puppet to give the server it's final packages and configuration. Configuration canges are then all managed using puppet. This gives other problems like subscription management, maintenance of the golden images, etc. What is the best strategy here? Speed of deployment does not have the highest prio, but known configuration and deployment automation has.