Hello,
first of all, I have experience with something similar to this. I made my own web hosting provisioning system for my development server. It worked similar to the system you described. It was running on the central server and used SSH to connect to other hosting servers.
I'd build a web interface using Javascript (jQuery) and PHP. It would only read data from the MySQL database. User actions regarding the VPS would be added to the queue. Queue would actually be a table in the database. A separate system would run in the background, take orders from the queue and execute them. I'd use Perl or Python for that system. It would connect to all the other servers using SSH with RSA keys.
This way it would be secure and reliable. All the server commands would go through one point where they could be checked for security issues.
If you want all the VPSs to allow SSH only from the central server it could be done using iptables on each of those servers.
Regards,
Vjekoslav Giacometti